{ "Event": { "analysis": "1", "date": "2026-04-19", "extends_uuid": "", "info": "[Threat Intel] Dissecting FudCrypt: A Real-World Malware Crypting Service Analysis", "protected": false, "publish_timestamp": "1779545307", "published": true, "threat_level_id": "2", "timestamp": "1779545307", "uuid": "706081ae-a367-4448-867f-db4633273ff0", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003f", "local": false, "name": "rectifyq:sub-category=\"tool-profile\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#d74cce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"", "relationship_type": "" }, { "colour": "#3bc6ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing Certificates - T1588.003\"", "relationship_type": "" }, { "colour": "#256f6a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL - T1574.001\"", "relationship_type": "" }, { "colour": "#cb2c9b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"", "relationship_type": "" }, { "colour": "#d4fd6f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"", "relationship_type": "" }, { "colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"", "relationship_type": "" }, { "colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": "" }, { "colour": "#e00500", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"", "relationship_type": "" }, { "colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": "" }, { "colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Time Based Evasion - T1497.003\"", "relationship_type": "" }, { "colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776913224", "to_ids": false, "type": "link", "uuid": "75319fa7-3b1f-4e3e-a125-3a18a978e698", "value": "https://ctrlaltintel.com/research/FudCrypt-analysis-1/#c2-infrastructure", "Tag": [ { "colour": "#6b003a", "local": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"", "relationship_type": "" } ] }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1776913224", "to_ids": false, "type": "text", "uuid": "a321b75c-9ef6-49ef-bcbe-8c3486d2cae8", "value": "FudCrypt is a Cryptor-as-a-Service platform offering subscription-based malware obfuscation for $800 to $2,000 monthly. The service wraps customer payloads in multi-stage deployment packages featuring DLL sideloading, AMSI and ETW interference, silent UAC elevation via CMSTPLUA, and Windows Defender tampering through Group Policy. Analysis of recovered server infrastructure revealed 200 registered users, 334 builds, and comprehensive fleet C2 command history across 32 enrolled agents. The operator maintains a separate signing infrastructure using four Azure Trusted Signing accounts to sign operator-controlled binaries including fleet agents, native loaders, and ScreenConnect installers. The platform employs 20 undocumented DLL sideload carrier profiles, per-build polymorphic encryption with layered XOR-32, RC4-16, and custom S-box transforms, and an advanced development branch featuring indirect syscalls, module stomping, fiber-based execution, and Ekko sleep obfuscation. Server infrastructure included exp..." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1776913224", "to_ids": false, "type": "text", "uuid": "d562c4ca-2324-4b83-a233-8c22891862f6", "value": "Name: Dissecting FudCrypt: A Real-World Malware Crypting Service Analysis\nAuthor: AlienVault\nAdversary: \nTags: [\"cmstplua-uac-bypass\", \"azure-trusted-signing\", \"cryptor-as-a-service\", \"dll-sideloading\", \"etw-patching\", \"amsi-bypass\", \"screenconnect\", \"fudcrypt\"]\nTgtd countries: []\nMlwr families: []\nAttack_ids: []\nIndustries: []" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314422", "to_ids": true, "type": "domain", "uuid": "e943ad01-5246-4b01-8f4c-ed5c25a869a2", "value": "fudcrypt.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314443", "to_ids": true, "type": "domain", "uuid": "3c29081e-d3b7-4cb0-811e-98c8a31fa7d5", "value": "hijacklibs.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545171", "to_ids": true, "type": "sha256", "uuid": "1e4a2fa2-4ce0-4cbb-9eba-794f493f576b", "value": "d9f6a4b487a0f78fd25459b9adecc9895f38ef64792bbeef31f814a25f029306", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545173", "to_ids": true, "type": "sha256", "uuid": "51e8238a-ee05-4de8-93fd-8028c8061b8e", "value": "f3a127a18dfdf5a60c2a25910a0cc40d012216e7f8326c95389d3f2ffb926eb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545174", "to_ids": true, "type": "sha256", "uuid": "d6079ab9-e4d9-47e5-844a-46cb4c2831a3", "value": "188cb7f9fa424124258542cbc3cb72f014af66d51772664a237c042dc7f99ce1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545176", "to_ids": true, "type": "sha256", "uuid": "c0187010-555c-4827-bdcb-60ee148a6eef", "value": "6d3448fbc1cb7f2cb9d5f87571449a435873c9633c7aef05185aa7bae0b708b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545178", "to_ids": true, "type": "sha256", "uuid": "10a03dd8-e9c2-4e8a-ad39-3c8cd7f8857a", "value": "21fc49b47bd1c6c8412ac49a08a2013c91330608c2dfc353a3d196a0318e8e4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545180", "to_ids": true, "type": "sha256", "uuid": "a7ee0755-2b6d-4d07-adfa-24c2262a327c", "value": "ea5dcf8089792414c561eac4972434e01efa8caaddb0a02a5277bc13b292ca44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545182", "to_ids": true, "type": "sha256", "uuid": "49592ec7-df9c-4bc9-8c39-11fc6652a615", "value": "91ce38ac8a0279438c354c11e7ffb307a1a7f561f8c172ac73a5783a82c050b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545183", "to_ids": true, "type": "sha256", "uuid": "87323a92-ebc4-4114-9113-e06d998c1b86", "value": "ddfe289a6b3d63ce1e824882c7eb8cfddcdd6a346535fd65d69f35c0e9293f42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545185", "to_ids": true, "type": "md5", "uuid": "7da26287-75c1-451f-80cd-37c16b6731de", "value": "cf137b42e3ce9e7a3ef85062df950b4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545187", "to_ids": true, "type": "sha1", "uuid": "d70df6b2-f1e6-4b83-a427-cdc439761925", "value": "7952e195f8d483e5e197ef80686e7efd646c3253", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545189", "to_ids": true, "type": "sha256", "uuid": "42ab94cd-6928-4b03-9893-484c47fa15f9", "value": "b25e8a0b84e5bd7b5cc6dc480d2df8a6f942688c6c7760604e35bf8f1e05e328", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314464", "to_ids": true, "type": "url", "uuid": "f6a8157f-7e24-42a2-b277-734e20fd40f4", "value": "http://mstelemetrycloud.com/agent", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314485", "to_ids": true, "type": "domain", "uuid": "319d71eb-28ff-46e9-b52f-782043255384", "value": "mstelemetrycloud.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314507", "to_ids": true, "type": "hostname", "uuid": "e9c17192-ae5a-45eb-a95b-def5bdc8390c", "value": "dl.admin334577joagj13.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545191", "to_ids": true, "type": "md5", "uuid": "de68741e-756d-4e9f-9060-90849f2445c3", "value": "221f053fc4259df0785eb3c4cf0bae5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545192", "to_ids": true, "type": "md5", "uuid": "06654758-01f9-4268-90fd-b9337712107a", "value": "2e7055ef4bccf1ce3734f38ff4d9f39e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545194", "to_ids": true, "type": "md5", "uuid": "9d2a32ad-2904-4412-a012-258a3cae4227", "value": "49dca5606d0e97dc08f15b64919e6d90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545196", "to_ids": true, "type": "md5", "uuid": "a4caf235-8f1b-4098-9682-115f9025e2c5", "value": "604bd3f7fd627afc08f4fdf623edfc13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545198", "to_ids": true, "type": "md5", "uuid": "a56750b7-3641-4467-9ea7-98318a709a2b", "value": "756d7ac8307cd3baa55b3e451e956d09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545200", "to_ids": true, "type": "md5", "uuid": "90e6e838-4225-47b7-bbd1-b8d780090375", "value": "7b12b4532919e0170999ce3dde941bc7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545201", "to_ids": true, "type": "md5", "uuid": "76eadeb1-360a-4bd7-b238-814060459f3b", "value": "90ff7d2c3d53376f705b71dd22b9d999", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545203", "to_ids": true, "type": "md5", "uuid": "f828e783-c289-46c2-ac03-725f30b11420", "value": "96f955a1e420d003854c2e55e4491959", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545205", "to_ids": true, "type": "md5", "uuid": "859751dd-eb7f-473f-8525-3c91950a2742", "value": "a29e7ab0d1e5d279dfee0e979c14eab4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545207", "to_ids": true, "type": "md5", "uuid": "efc02fee-4b7c-466f-8b0d-4a55ba7152a6", "value": "a94ac3ebb735696ab683d9aaac625ed0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545208", "to_ids": true, "type": "md5", "uuid": "74f211d0-c8ce-4250-944e-cfc81e3e65ec", "value": "ab3e8aabd7132a1016425a2819082ec8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545210", "to_ids": true, "type": "sha1", "uuid": "304edde5-fdba-45c7-8132-5a6799d41dac", "value": "197c7369cc5c2160b1db55e79681d09f2a80643a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545212", "to_ids": true, "type": "sha1", "uuid": "0ac45ac3-e8e4-41aa-b743-87b03c893fba", "value": "200bb92002e786bb1e8072bbdd67845d1e205969", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545213", "to_ids": true, "type": "sha1", "uuid": "4eef733d-e91b-4f0f-82cf-b551ca1d5536", "value": "212ba1c95d00b8a84f53df2596d4ba9da25418fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545215", "to_ids": true, "type": "sha1", "uuid": "542e4e3c-615b-481e-9473-a68fe2fdd192", "value": "50f1cb0a33768f32e43ff39950d65ddfe00b889f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545217", "to_ids": true, "type": "sha1", "uuid": "91573c1e-cbe8-409d-9537-defb78ac88a9", "value": "a1253c1fd8bf4eb80094b963172f5fa3766711b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545219", "to_ids": true, "type": "sha1", "uuid": "2c1d1e41-be49-4ba5-b0e7-095ed4a846f3", "value": "b4f64778176756188b1a55a1558396d923cedda6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545220", "to_ids": true, "type": "sha1", "uuid": "16c98d8a-a225-443b-a27f-460457c5103d", "value": "ba3b6ad3b9acb8dd505dc12bf2627864ac09d9c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545222", "to_ids": true, "type": "sha1", "uuid": "a61528bc-843d-4f37-bb70-213106cdb1cc", "value": "c2956ae664c26baa3c701391a5ea5a66d902d624", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545224", "to_ids": true, "type": "sha1", "uuid": "35dc91b1-6335-49c9-9926-7208537fb514", "value": "c3508ba08059106430e81fb1099a6c90690ba57d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545226", "to_ids": true, "type": "sha1", "uuid": "d2bc2d53-98a1-41aa-af13-fb902dca2c86", "value": "d286efb30dc304520fb08cdfaffc3d981c323952", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545228", "to_ids": true, "type": "sha1", "uuid": "3f0f769e-cd24-40cf-a429-d702d932b53c", "value": "fc98340c405f245f1425d50b458b2848883a0f85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545229", "to_ids": true, "type": "sha256", "uuid": "e7b72af5-c9f7-4019-ac4c-fae246cd8ae0", "value": "02510b782a3f47a2cfce0b721a1530c325be15c3f540304681a92032ce22ee26", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545231", "to_ids": true, "type": "sha256", "uuid": "95fac777-be0f-4d67-b36e-4f3d976a7725", "value": "0948c44b0955957841629c838f8b6830def5ae8a2b6b162cb171485125dda638", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545233", "to_ids": true, "type": "sha256", "uuid": "ed987d1e-11d0-493b-a92c-d329d2e4890d", "value": "0f5a4aa7888459dd56f194284db0016aa854f4b25df5f63e975b8f1be3e4f316", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545235", "to_ids": true, "type": "sha256", "uuid": "57beafab-55bc-45a9-8ffd-4a7f21b78cba", "value": "16fd8f17f6b2991f20e4cb31deefb3a21cc7940a2e28ca5854935ce84c82c671", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545236", "to_ids": true, "type": "sha256", "uuid": "1d91feb9-3a90-4f2e-b806-dda21b9a1be0", "value": "21e3e759b4da8212cbc58c50e6f90335c65f5f83317f4c19cd5381369c2676db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545238", "to_ids": true, "type": "sha256", "uuid": "899f361e-0864-4694-9283-8460abdb8a50", "value": "248757cc516979565ba660787135c9f6bf94e4b1613c46a4bdacb02a2e444610", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545240", "to_ids": true, "type": "sha256", "uuid": "c4be4c7d-478b-4efe-b503-859fe7511575", "value": "282f2ae2036c043814e82ce447883f17fc130d92f2679a1099753c9b5cad5873", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545241", "to_ids": true, "type": "sha256", "uuid": "64d2ecda-e178-472a-b30f-ad92739804a1", "value": "37be0edf4f3874331fa44e4697af059d27693fa4a51f42b80828df928115f409", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545243", "to_ids": true, "type": "sha256", "uuid": "aeb123a0-e275-4f13-a8c1-586720227a18", "value": "3e28c0e009b791fae78e118e3b78ee7d10e82f0cfc568e470f0d617501de3802", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545245", "to_ids": true, "type": "sha256", "uuid": "afba409a-a39c-45bc-a596-5d324bda25b1", "value": "47bed35c272bf9fb9b67937a9c0a2ee7b476d89663ab2bbb4654c27eedf0c7c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545247", "to_ids": true, "type": "sha256", "uuid": "a4409efc-974d-4b00-ae35-793f8a9b37c2", "value": "56d6bb3a7744aa224675155458fa5bb358fbaeddbab81f22b5f405ef7dcbf603", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545249", "to_ids": true, "type": "sha256", "uuid": "ffd82cef-1fee-4f10-bc7e-3626d3d19259", "value": "5f72806055ace3d9961e5c5410b3caf12f77d039f4c27732fc370fa53656fa49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545250", "to_ids": true, "type": "sha256", "uuid": "07b67df3-d45d-4c6a-9b40-5bd5d7126b37", "value": "64552c2ced89a713e034278994e3e49ebba3b38d4371683d14a10050b638e849", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545252", "to_ids": true, "type": "sha256", "uuid": "f3ddaa4a-f957-47af-95ab-f552a982de93", "value": "65055c18e2f32241272312208f77f8b10025685aa5704b6c9707c53df83c551e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545254", "to_ids": true, "type": "sha256", "uuid": "0b1bbcd0-0ac1-4188-8d72-ca472c6f79f7", "value": "6b71533aabcda84c9b3d30f64b9c4d4688a01ccbe59922029497468239436d09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545256", "to_ids": true, "type": "sha256", "uuid": "39700584-1f9d-4fbd-a660-9d3b6823b242", "value": "6c3de9dcfdf458bc0f8b62ef1dcbaf339eb313d2206f952c47b12b431f3f39ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545258", "to_ids": true, "type": "sha256", "uuid": "903018ff-d7cf-42a0-a9e6-385eb584adcc", "value": "714a60230004a3f2b636402e83d80350fc892dc41e38a05b9032850072bfc92c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545259", "to_ids": true, "type": "sha256", "uuid": "955ff60d-30b9-4a7c-ae3c-b66c29b50fbb", "value": "7cd1d2f7303bda0596d94e312a26ffa0349c98b84b0e0f4a3562a8ffffc31e37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545261", "to_ids": true, "type": "sha256", "uuid": "1976a79d-089b-47a0-a906-d0dd69f7bdc2", "value": "81acb18dac894589357d3e695825745b677aba5e9b848a9b21328457fdc5068a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545263", "to_ids": true, "type": "sha256", "uuid": "515eba9f-3d8f-492f-80b8-d44fd779aeb8", "value": "841b4476fee6d2401fba240903b35826ebc178593d4d0684ec5eba40c0fa3a59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545265", "to_ids": true, "type": "sha256", "uuid": "56052e13-6695-4729-9efa-dbb42ec91ca8", "value": "849f0e52323dd332d70cd043aab270a4056015526a35de082f0cd93f30e55ac8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545267", "to_ids": true, "type": "sha256", "uuid": "2e1cfcd6-331f-4e2f-97b9-652937ed7fe7", "value": "86029fc5a7f681c2d2f9515e1eee2e0b98febf43f60b52fe8873c86b645ccf07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545268", "to_ids": true, "type": "sha256", "uuid": "3d336775-a6bd-4021-a07e-169cffb7eae0", "value": "86fda26d8d7611e301b92bf403ed7bb9ae1cf6d4cdf282402123417d6d2df383", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545270", "to_ids": true, "type": "sha256", "uuid": "2757cd3c-1646-4f2b-b255-3050e664379a", "value": "882330c1071cea15ce2d3525a75cadc8295c236b72826fe919fb777d8965e29c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545272", "to_ids": true, "type": "sha256", "uuid": "a366d4c1-8348-4d64-9ebe-b4c08a44f3f2", "value": "8c4c71a0b2956df61836f9aa5e1fae672f1f45d7e194a9982ac6b88872470e19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545274", "to_ids": true, "type": "sha256", "uuid": "6f67e1f9-dca1-4d0d-9553-156f12f4efee", "value": "9349db5d05da35c02be5525869c81f0b6ebaec0acd2f44270eb202ebbd0e3e01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545276", "to_ids": true, "type": "sha256", "uuid": "4502bf8b-6e25-4f9f-bded-6ca22ec606df", "value": "95d0aaa646b298f2236988a7251673c9fa0f6a760b3eab17367e45ba1ef4fac2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545278", "to_ids": true, "type": "sha256", "uuid": "aacfe665-2dae-48c9-946d-91a0f5b9e290", "value": "998850f059f77af729887adc148053d64240fc891a7150e153a4c02e756bd469", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545279", "to_ids": true, "type": "sha256", "uuid": "752e507a-a9a9-4cfa-bf51-86f7d3ef85f9", "value": "9e4643f2ba1125bc87838bb70d50effefb93d4935c34b8ed96dc8fa123113c1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545281", "to_ids": true, "type": "sha256", "uuid": "19232251-7ea1-47cf-85de-17aba3a79c0c", "value": "9fcdd95cbd6694ef289de24b49fd99031c264333899fffe8b04e20076a6d5bac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545283", "to_ids": true, "type": "sha256", "uuid": "88d88e88-838b-45b0-a1a4-1f8de8e0a674", "value": "a0c609860951adb21a2ee0d821b3c0ab7f37c6a2d189967e1787cce5132d93e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545285", "to_ids": true, "type": "sha256", "uuid": "61523e35-98de-4e02-87bc-b0bf72b76945", "value": "ac75c5223d263506713114a14d271490734be572552cb45524901918f8e5e244", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545287", "to_ids": true, "type": "sha256", "uuid": "855e8fed-06a1-4680-a8b7-09ea1408f82f", "value": "b9b2b1556c23f95d4774e038fcaaef494d879137e548f57c482d03c87ad45bc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545289", "to_ids": true, "type": "sha256", "uuid": "a7831def-1e23-42c5-9ad1-ac23c7468d0c", "value": "ba74d25ed7d0fd6d43ad9239affb533c6eb8bd3b148c7c5e8fdea04ab7b05b99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545290", "to_ids": true, "type": "sha256", "uuid": "7e0aef1e-6035-4a57-8fa3-6d9593ba57b6", "value": "c2fdaaf45f3544fc0ae466715f4dece54ad1145c47066a7034c0cc9ae9c49bb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545292", "to_ids": true, "type": "sha256", "uuid": "bcf51131-c742-486f-9a19-22f3a590d41a", "value": "d38a69dee1d190f00ddd5048b7fddc4763943a4780b91c03f9159b589d4f2b5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545294", "to_ids": true, "type": "sha256", "uuid": "1a0ee866-4bd8-4f38-82fb-713c7934dd27", "value": "e0268bf23020fffb39927c437d520e4d5f3e50ec1ed89bd518a06c7605a01e82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545296", "to_ids": true, "type": "sha256", "uuid": "a4ce9aa4-724e-449b-8725-b81f3f998c11", "value": "eb06c308ce8ec17c5d257d5b31fd54ea38ce91fc7a5b2b27e5d5c68acc2f6087", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545298", "to_ids": true, "type": "sha256", "uuid": "6a392b7a-7e6a-45f5-8b6c-fe191d4027a3", "value": "eca7ddf57f53473a87f0c119bcbb7fd097029b07b0b477568628aaf0e2e873b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545299", "to_ids": true, "type": "sha256", "uuid": "d12a73b6-bc2b-440a-9f2f-d299dff0621f", "value": "ef67ab40f5dd8405ff8b6440f42efba6e1a33e92e62b13d73a4cb2fcab35578b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545301", "to_ids": true, "type": "sha256", "uuid": "2160fa25-34b5-434b-87d6-4ef8199898f1", "value": "f13bb41aa2fd26c05672318c8817f6e8d09990c0114eafa3f82f944ca21141c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545303", "to_ids": true, "type": "sha256", "uuid": "579bc614-1f6c-4eda-a2eb-d952ff53a1b4", "value": "f5357cced9ec3fffe0f8e65f73fe2d6100a4746807934512c9ef66ed7a691878", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545305", "to_ids": true, "type": "sha256", "uuid": "100a29da-7ae9-4369-94d7-32f0a3b200e2", "value": "f5d45679bbd26e9ee333bc09b72a8ab049fbc914d1618ebc14c458682ea6235b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:27/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545307", "to_ids": true, "type": "sha256", "uuid": "a50aed03-c247-4cd9-ba0b-9a9429bb875e", "value": "fc03984bc9a74cf7b1f3f6e6b6403b2942fa66b5aa5fae146f8fbd0fe1048b60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314528", "to_ids": true, "type": "url", "uuid": "7c0ef539-94c9-4a33-9579-918047b2cb7b", "value": "http://dl.admin334577joagj13.com:443", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314550", "to_ids": true, "type": "domain", "uuid": "a6c7f05a-ec90-416a-b5fc-38d8db0597ba", "value": "advapi32.lib", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314571", "to_ids": true, "type": "domain", "uuid": "97d70ec8-a412-40ac-bebf-ea0d2238cd77", "value": "shell32.lib", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314593", "to_ids": true, "type": "domain", "uuid": "52e90156-e8f7-460d-9091-0737986b59ea", "value": "winhttp.lib", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314615", "to_ids": true, "type": "hostname", "uuid": "8f548677-ae03-4307-ba54-90e44c01284f", "value": "admin.fudcrypt.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314636", "to_ids": true, "type": "hostname", "uuid": "ae7684b1-c61c-4735-8bd0-5edb35d7760a", "value": "api.fudcrypt.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314658", "to_ids": true, "type": "hostname", "uuid": "9435b64b-017d-4f5a-9069-316e2790e4de", "value": "monitoring.fudcrypt.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777302734", "to_ids": false, "type": "AS", "uuid": "36b5baa3-5239-4bd7-84df-891503b6bd1a", "value": "51852" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314679", "to_ids": true, "type": "ip-dst", "uuid": "4564cb0a-86e9-41ae-8376-2cd0b8275a0f", "value": "45.61.149.68", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314700", "to_ids": true, "type": "ip-dst", "uuid": "d102400d-558a-4cbd-82d6-e32c72b5dd29", "value": "144.172.99.122", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314721", "to_ids": true, "type": "ip-dst", "uuid": "bfc4be8d-9ef3-49a6-90db-73687b77f89f", "value": "144.172.100.193", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314742", "to_ids": true, "type": "ip-dst", "uuid": "ff034677-71cf-4660-ba88-1609c0aff4d1", "value": "144.172.108.142", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314764", "to_ids": true, "type": "ip-dst", "uuid": "f2e8a027-61c4-40a1-a277-8be3c5a32189", "value": "144.172.112.13", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314785", "to_ids": true, "type": "ip-dst", "uuid": "c683d151-8db3-4e94-b488-e44e6cd6b5e3", "value": "172.86.91.29", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314806", "to_ids": true, "type": "ip-dst", "uuid": "16b12832-7053-4d0c-a03c-3f03ad221f84", "value": "198.37.119.56", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314827", "to_ids": true, "type": "ip-dst", "uuid": "d0099e8f-2161-40ec-bee4-4a486d717740", "value": "157.173.112.182", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314849", "to_ids": true, "type": "url", "uuid": "03c93b57-d0b6-4681-bfc5-3ffb7b8785ec", "value": "wss://mstelemetrycloud.com/agent", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314870", "to_ids": true, "type": "hostname", "uuid": "063443e2-ef1b-4183-a042-d2f3c0bd158e", "value": "content.dropboxusercontent.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314891", "to_ids": true, "type": "domain", "uuid": "da8d5c20-35b5-4ec6-a9f6-5bc96d4e825c", "value": "catbox.moe", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777314917", "to_ids": true, "type": "ip-dst", "uuid": "5cc73d42-a70e-43de-9f4e-51d3edd1ad41", "value": "179.43.176.32", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544411", "uuid": "36d80706-a9db-4be5-8832-3fa3e1f08be2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544410", "to_ids": true, "type": "md5", "uuid": "079967d0-a8ff-4a5e-b812-21ec9ce30cce", "value": "e32f72e15f78347c51c4ca1b2847f667", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544411", "to_ids": true, "type": "sha1", "uuid": "f2fdd9fb-4012-4d16-ad11-2f443e0c4be8", "value": "de8b253c8aee745fdb082fec5ad0618c2e4cdb92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544411", "to_ids": true, "type": "sha256", "uuid": "024b8ccb-87fb-49c6-bc12-ed765ca29e4a", "value": "341cb4515476007153b7f17212f5e4476852837a031efedd5a4adea723c0bcbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304284", "to_ids": true, "type": "ssdeep", "uuid": "5a69aeac-3ed0-4b8f-9dbf-7a8876f6f112", "value": "24576:xlU74/s8CUCfJdjgqsLqf3ZfMmVcX3hmyaadfkzrS4LcNcts2g2cKjTeqbGDGOrT:xKc0rJdjgqsLqf3ZfM0Pa5kLLcatsXk+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304284", "to_ids": false, "type": "size-in-bytes", "uuid": "20783efd-85b8-4212-b231-befc264b6b79", "value": "1449256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304284", "to_ids": true, "type": "vhash", "uuid": "1d692f35-e57e-41d5-9840-d0d26441185e", "value": "016086655d15551515755111z4003200867z37z12z75fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304284", "to_ids": true, "type": "filename", "uuid": "614513a1-d742-4313-9029-6829e169a162", "value": "PuTTY" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304284", "to_ids": false, "type": "text", "uuid": "14085b73-b46d-4c90-91a8-ae05d3a2dac8", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2022-05-27T09:17:04.000000+00:00\nLast Submission:2026-04-22T03:27:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544414", "uuid": "b0a87d5c-4f18-46dc-b3b6-a3e1a16f39f2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544413", "to_ids": true, "type": "md5", "uuid": "e3352190-f94e-4892-a0c9-9ac9fd20ff0f", "value": "720f2634fe2e508efe789b333e0043e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544414", "to_ids": true, "type": "sha1", "uuid": "b6fb8096-11ce-4d17-b600-43df292a3441", "value": "51e0cd51506bc4b09958cf72aae540675b7e16b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544414", "to_ids": true, "type": "sha256", "uuid": "e812610f-028f-480e-b8c7-6196bcd6d310", "value": "38502a7852b56c500caba4cd92e15a67b745bb778fd452214bbc5599ff738c99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304306", "to_ids": true, "type": "ssdeep", "uuid": "1c8737fc-64d8-4c90-b733-e8c5634a800d", "value": "6144:64N3H2VRov7tfRSP0l/h5I9tfMfgKykq1jR0Q31Rv5Q1nI2VoXQ+18gUgIzBo2mx:62H2VRoFsP0l/hDgKwn0jI2Ty" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304306", "to_ids": false, "type": "size-in-bytes", "uuid": "dc2ca80b-711e-40c9-9d06-7edaa83101d4", "value": "464584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304306", "to_ids": true, "type": "vhash", "uuid": "dc082c13-873a-4c00-9078-c0dfac3e11ea", "value": "045076655d155515555az4ehz1lz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304306", "to_ids": true, "type": "filename", "uuid": "9b0fa8a9-64f1-40dd-8e27-7894dd79a246", "value": "ProtonVPN.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304306", "to_ids": false, "type": "text", "uuid": "0ca79f35-97f5-4fda-8fc5-91dc3bf9d70f", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2024-03-28T12:51:31.000000+00:00\nLast Submission:2026-04-23T08:46:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544417", "uuid": "9b3e6e56-a0f8-494f-bbe8-14fe712cc694", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544416", "to_ids": true, "type": "md5", "uuid": "39fad79d-6e49-4afa-972c-379701e26170", "value": "36e31f610eef3223154e6e8fd074190f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544416", "to_ids": true, "type": "sha1", "uuid": "72998f1b-5544-4ac0-b04f-736aa6fae696", "value": "1f2800382cd71163c10e5ce0a32b60297489fbb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544417", "to_ids": true, "type": "sha256", "uuid": "f120061b-9350-4bb5-b34a-2416d5f8432c", "value": "16cbe40fb24ce2d422afddb5a90a5801ced32ef52c22c2fc77b25a90837f28ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304328", "to_ids": true, "type": "ssdeep", "uuid": "c9e94c30-1658-48fb-b4ad-afb74566d4a3", "value": "49152:9xKA15VC4s6BwJQRVp5r6vzCpJXXiILleQd:97GCp53P" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304328", "to_ids": false, "type": "size-in-bytes", "uuid": "f83f4dfd-4fae-4682-b355-ca795659cc9e", "value": "1709672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304328", "to_ids": true, "type": "vhash", "uuid": "858d9e01-3dae-44c7-b1bc-136bab501bb9", "value": "0160a6655d1555155d0510f1z6003200937z37z12z77fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304328", "to_ids": true, "type": "filename", "uuid": "0404b6ed-0c02-4e2e-b237-c9afcac91c22", "value": "payload[1].txt" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304328", "to_ids": false, "type": "text", "uuid": "b41d983b-ce0c-45ef-be43-fe8f5656d297", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/71\nFirst Submission:2025-02-08T11:22:03.000000+00:00\nLast Submission:2026-04-27T14:20:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544420", "uuid": "622137aa-7a58-40ee-8867-aed7e7e2912d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544419", "to_ids": true, "type": "md5", "uuid": "4e1187f1-83ad-420c-b0fb-f7f49645af6a", "value": "2541290195ffe29716ebbc7aac76d82f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544419", "to_ids": true, "type": "sha1", "uuid": "cf0ae94c-63d8-4f1d-8c41-a26c7de36e3b", "value": "d8e22adc26ef1628b826785682830c3d128a0d43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544420", "to_ids": true, "type": "sha256", "uuid": "a72ca852-8f37-4ec9-b7f2-c129770c4f47", "value": "eaa9dc1c9dc8620549fee54d81399488292349d2c8767b58b7d0396564fb43e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304350", "to_ids": true, "type": "ssdeep", "uuid": "122a8651-8dcc-46a0-bdaa-132016c00d7d", "value": "49152:JGuaHn27rhus1L9iE2XsZzkA8TbT9FuAHv:JGuaHna1kcwL/v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304350", "to_ids": false, "type": "size-in-bytes", "uuid": "1e8c6ff8-032c-43be-8e4a-f84d30d9b850", "value": "2699584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304350", "to_ids": true, "type": "vhash", "uuid": "8e45c367-bf20-449e-a4c4-95f882b530e9", "value": "0260a6666d6c0d551c051031e04076b00297z7035z63z406cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304350", "to_ids": true, "type": "filename", "uuid": "86bbbd9d-d13f-4124-ac85-d1f9ccceae9b", "value": "IObitUnlocker.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304350", "to_ids": false, "type": "text", "uuid": "6d48a4a8-22c8-4e77-8aec-1cba4bfd7360", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/71\nFirst Submission:2022-08-18T09:43:33.000000+00:00\nLast Submission:2026-04-26T10:37:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544422", "uuid": "a8cc2304-2a96-4285-b897-988e0c55e3af", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544422", "to_ids": true, "type": "md5", "uuid": "4850b524-bc35-4499-8357-17afb6502bcc", "value": "91954b41a5ed42fa60573967fd1bd29a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544422", "to_ids": true, "type": "sha1", "uuid": "5165a3ac-dc29-4221-8208-9bd3a008a7e1", "value": "28e316589c921af93bda3059f64b9d2d0ce00ee2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544422", "to_ids": true, "type": "sha256", "uuid": "1736a024-f925-4c5f-a66b-6f2db9d2cf22", "value": "3af1da74264645a07ba3647eed9f7641cf90e3abbc1df83fbbeffbdf157e7c2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304372", "to_ids": true, "type": "ssdeep", "uuid": "e1c247ef-ab30-4ac1-ab36-0f4d1a91bd07", "value": "3072:OT/LmfnOFGEtQbCQHvV1atdTj5YiPWm2QjcUJZQijPG3zbHTvk1pHMoFKPy:cL6ncVMCQPV4hDM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304372", "to_ids": false, "type": "size-in-bytes", "uuid": "b27959ec-d57a-4af6-88c6-52760d36d7d7", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304372", "to_ids": true, "type": "vhash", "uuid": "2c3b7aa5-22ed-48f7-bc53-536d712b5c87", "value": "115066655d155d055az567z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304372", "to_ids": true, "type": "filename", "uuid": "1038e379-88a5-4a7d-b6b0-d6fdbdb5c49f", "value": "3af1da74264645a07ba3647eed9f7641cf90e3abbc1df83fbbeffbdf157e7c2c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304372", "to_ids": false, "type": "text", "uuid": "64cf7dde-9818-4faf-a11d-90ae04a27d77", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:47/71\nFirst Submission:2026-04-20T23:44:44.000000+00:00\nLast Submission:2026-04-20T23:44:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544425", "uuid": "54d8d5de-16c9-478e-952e-9483ae7b4cd3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544424", "to_ids": true, "type": "md5", "uuid": "f61d6509-860e-47b3-9aee-b1ae832ee657", "value": "8346343cd04025a4ac05649c0de8eb2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544425", "to_ids": true, "type": "sha1", "uuid": "1c3e2025-a187-47df-a554-87105776d130", "value": "59f4f0cef9dab8af59661c61e6243fcd09c03249", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544425", "to_ids": true, "type": "sha256", "uuid": "003ee871-01a3-4bdc-974e-1e54e8f5ca26", "value": "3c6863139e2679a5f53f0c43f7d74cde593dd8aa0349f38e6939849f02fcf7fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304394", "to_ids": true, "type": "ssdeep", "uuid": "7106993d-2f66-441b-84e2-1b2d20753197", "value": "3072:7iTeXQwDasaAmiTQhAS/xYN0n51756565rnIryHb/C1jK:QeXbuFaTcAS/0JHW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304394", "to_ids": false, "type": "size-in-bytes", "uuid": "f7ac181e-f60b-4ae7-aac8-540f3112c38c", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304394", "to_ids": true, "type": "vhash", "uuid": "cb22379b-2fdf-478a-9f28-7d48577bbb92", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304394", "to_ids": true, "type": "filename", "uuid": "77c459a4-a253-4c29-a652-764cd9d59e01", "value": "5lmdzf3.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304394", "to_ids": false, "type": "text", "uuid": "f261c6e1-6eb0-4acd-bc7d-87ebdd9c28e0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:39/72\nFirst Submission:2026-04-20T23:17:36.000000+00:00\nLast Submission:2026-04-20T23:17:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544428", "uuid": "68e6368f-87c2-4725-b7fc-71bf8759fddc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544427", "to_ids": true, "type": "md5", "uuid": "b6a9072e-caff-4dd9-8d72-bd48323d16ec", "value": "669d03f9d88272fe852903f4512ef0c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544427", "to_ids": true, "type": "sha1", "uuid": "3a1df88e-6f7e-447d-8ee2-e0debf6cc9e7", "value": "4f038ead1be546dff055fef9f51cfba050ccb9e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544428", "to_ids": true, "type": "sha256", "uuid": "08b8fea3-6f5a-4616-87c5-eb4032cc3779", "value": "8339d057c0369f28b6c71fff740206a8a2b8eca170b8e673dfecf2a782ee50a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304416", "to_ids": true, "type": "ssdeep", "uuid": "a8c3aff2-a2aa-425a-8d5a-c4b51953fbef", "value": "12288:dd3+fStokp+2XrbndTCdwo4cF4LZT6N3istI0vs8:dp+fSt7fXew8r3Pi0U8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304416", "to_ids": false, "type": "size-in-bytes", "uuid": "b89aff73-8c28-4f73-8ac6-a19e0e5d465b", "value": "497152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304416", "to_ids": true, "type": "vhash", "uuid": "7e335679-25ca-4e82-9e5b-886456ce17a9", "value": "2450367d1511f08e53151090" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304416", "to_ids": true, "type": "filename", "uuid": "56872e8d-0b9e-490a-a948-7bc1d262ab0a", "value": "XWormClient.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304416", "to_ids": false, "type": "text", "uuid": "ad51438d-7b28-459e-b8d6-0b3d9d77dcf5", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/XWorm.RR!MTB\nVT Total Detection:55/71\nFirst Submission:2026-04-20T23:43:57.000000+00:00\nLast Submission:2026-04-21T00:01:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544430", "uuid": "446c9fa5-3f06-43b8-bc4d-b8b592b35593", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544429", "to_ids": true, "type": "md5", "uuid": "a59e59db-3cd1-49b5-a6de-3135c71dc380", "value": "afd80167002eb2a4ac437d01fc5b1fad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544430", "to_ids": true, "type": "sha1", "uuid": "e00a17d3-b194-4234-931d-3d50d0143ae8", "value": "fb40c97b5e6ed3b03d594053b493a24edadbed6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544430", "to_ids": true, "type": "sha256", "uuid": "b334e40b-1824-4bab-bf8e-18a0a6da7593", "value": "c35d11ebb1590f051140c2842bc0b6c9f6640389622f13cb422b7a0c6fd73a78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304437", "to_ids": true, "type": "ssdeep", "uuid": "03af0caa-d5eb-4d75-bd38-8b19bbf8eb99", "value": "1536:5mEBmaKZzy32YN2Z/npOjkIkd4THESzEpSEumqxj5UfEEvsWd3d49dlNLjZAD5:otOno/K9kdkkMPEhqhuE2toD3ZAD5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304437", "to_ids": false, "type": "size-in-bytes", "uuid": "9153ea08-ea67-4787-b770-1a92f8d2974b", "value": "114176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304437", "to_ids": true, "type": "vhash", "uuid": "966caaf1-da65-49a4-9c95-aba9580e20f9", "value": "115066655d151d055088z55hz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304437", "to_ids": true, "type": "filename", "uuid": "718eba2c-afe3-492e-83dd-4fc23e8c0525", "value": "c35d11ebb1590f051140c2842bc0b6c9f6640389622f13cb422b7a0c6fd73a78.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304437", "to_ids": false, "type": "text", "uuid": "e3760aa4-211b-48bf-b991-47a61e324169", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:45:02.000000+00:00\nLast Submission:2026-04-20T23:45:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544433", "uuid": "dca08a4a-e685-40b8-8c74-9696cfb2ef9b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544432", "to_ids": true, "type": "md5", "uuid": "cb3af4ca-48bd-4741-a400-ba1d7d20bf1f", "value": "f00a1024664f1442c566d745f50b36a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544432", "to_ids": true, "type": "sha1", "uuid": "06f07da7-718f-4e29-8497-9d0ebf1982f8", "value": "decd3f578872414d6e7df6301551cd44c4579610", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544433", "to_ids": true, "type": "sha256", "uuid": "f1727e45-5cc7-4bed-b0cb-63fe7884bdb3", "value": "661e613b993e97e2df4bd5bb3940cfbc4944d71b82579d7d81fd5a17da418436", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304459", "to_ids": true, "type": "ssdeep", "uuid": "34eabce8-3702-4cb1-a911-a7c5294cfa16", "value": "1536:uCE0s+zayi3oGYN474mOofpSTHYS8xaoaUaTyYzt/EPsWJNdw9dlD5wgt+:lsjyiAoxfpy4coatTvt/CnAx5wgt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304459", "to_ids": false, "type": "size-in-bytes", "uuid": "c64dcbc7-0157-4674-aa93-77579451bc77", "value": "111104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304459", "to_ids": true, "type": "vhash", "uuid": "698c56bc-0d3b-485a-806a-a8ab10a2f829", "value": "115066655d155d055058z5dhz13z4ez3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304459", "to_ids": true, "type": "filename", "uuid": "948eedfa-13c8-4aeb-be18-da6bdc047ba0", "value": "661e613b993e97e2df4bd5bb3940cfbc4944d71b82579d7d81fd5a17da418436.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304459", "to_ids": false, "type": "text", "uuid": "f35e1c88-bfd3-4d2a-af82-c3eec1cae8e0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGZ!MTB\nVT Total Detection:47/71\nFirst Submission:2026-04-20T23:42:14.000000+00:00\nLast Submission:2026-04-20T23:42:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544435", "uuid": "92c8f19c-8e15-465e-ab83-3e52ba9127e2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544434", "to_ids": true, "type": "md5", "uuid": "40dc4378-5c5c-4127-9ec2-2e0812bd4428", "value": "4ce5d81cd58b36e5fa5c8313e072548a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544435", "to_ids": true, "type": "sha1", "uuid": "ced2db6e-411e-4ebe-a603-c9176280b114", "value": "b3b5955176aa95cbfc3f28cd48d9a7988b87a4b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544435", "to_ids": true, "type": "sha256", "uuid": "217089fd-5fa7-404f-b8a7-b1f8bf443a52", "value": "49a87a2d7ca47a0ebef027a9030d5cf2f7bb963e74bccfd3f79e86536277a5d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304481", "to_ids": true, "type": "ssdeep", "uuid": "d9be8ae5-6fc6-4e7e-af68-c228ec735296", "value": "49152:tr0m8hH68CR9hhKS9dltCLFQ842DqJjX/raJQ3/P8vRlTIb1gUkuzrOZLOIaI6Hr:mHW7KYYDorr9HcwzruaI6HMaJTtGbI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304481", "to_ids": false, "type": "size-in-bytes", "uuid": "02fb8a42-9a02-4d01-aadc-0105de23cd79", "value": "3550240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304481", "to_ids": true, "type": "vhash", "uuid": "10066903-18fa-4ab4-a7d2-feef685a844c", "value": "036066655d55655550e011z10a00917zc0e5z4040050010b2zae2z12d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304481", "to_ids": true, "type": "filename", "uuid": "d0c89d27-5563-4cc2-80bf-7ec9a713cb84", "value": "WebViewHost.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304481", "to_ids": false, "type": "text", "uuid": "ad20a6e1-dd4e-4be5-8382-b5f40d8c28a6", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2023-12-18T15:09:46.000000+00:00\nLast Submission:2026-04-22T15:20:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544438", "uuid": "405ec11f-cc2b-4f9c-bf6e-c88e77901367", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544437", "to_ids": true, "type": "md5", "uuid": "d12e9515-5e8e-4085-8359-8f1aa3c42f94", "value": "9d49357f72ecb1b1b31b747d91e7c8d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544437", "to_ids": true, "type": "sha1", "uuid": "e787a8cb-2e66-4049-b29f-fbc0e7287c5d", "value": "3fbceee349323f3c7fdc7e92d0106aa518be4d96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544438", "to_ids": true, "type": "sha256", "uuid": "cec816da-af46-4046-bf15-cc62becf8773", "value": "505a40deaf8f2ab81980a2bab38b1f7d88d6c856b799d8dc087b5f258af9b1c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304503", "to_ids": true, "type": "ssdeep", "uuid": "fdfb0ab4-7ba3-44e4-afc6-ef1b739413d8", "value": "3072:bFrVl7xAaMj0S+RtKnk7sT2E3KVu7Hy9OiZPW2U2jut3524:x7CaMgS+nKnkA2WKVu7Hy0iZU2jutJ24" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304503", "to_ids": false, "type": "size-in-bytes", "uuid": "7b59ef9e-3e20-4b60-a8a8-651006206834", "value": "236985" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304503", "to_ids": true, "type": "vhash", "uuid": "3d51be19-e2f5-4a95-8b46-22080b9be7e4", "value": "1251375d1515151c051d1az1a0elz31z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304503", "to_ids": true, "type": "filename", "uuid": "06f3282a-7e52-4dfa-8f8e-6ba80b92448e", "value": "505a40deaf8f2ab81980a2bab38b1f7d88d6c856b799d8dc087b5f258af9b1c9.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304503", "to_ids": false, "type": "text", "uuid": "48723507-28c1-4007-a824-d9bc782c0b92", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:46:11.000000+00:00\nLast Submission:2026-04-20T23:46:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544440", "uuid": "41790287-a88e-403e-ac37-c2e2061c8146", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544439", "to_ids": true, "type": "md5", "uuid": "334a0913-9587-4a32-8784-9f1be424b85a", "value": "c35f3bb4a6e44e70b8990e1ff607c77d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544440", "to_ids": true, "type": "sha1", "uuid": "a4cf7122-626b-4f02-a520-4130e7fd5d80", "value": "7dea55f106e87d9a6379915c6b8e7737b5fb1e76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544440", "to_ids": true, "type": "sha256", "uuid": "759395e1-2e3f-4a9b-b437-2791e8d50387", "value": "473a9b4a43ddc907399a6ef09e7b95bbcf9aef5affc388716e3f55e284d5bd07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304525", "to_ids": true, "type": "ssdeep", "uuid": "c5fb0e9c-261b-42d5-b323-f49323e0164f", "value": "768:XLJau6SW06XXUxcOMvbFJ9YCOMh135zS:XlautWzXEVMTFJ9YCOMzxS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304525", "to_ids": false, "type": "size-in-bytes", "uuid": "db9488ea-89b9-45dc-ab74-1cdea911378a", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304525", "to_ids": true, "type": "vhash", "uuid": "9085f01a-e2b9-4cc5-add3-72cea6bd2bf5", "value": "23403655151170772b110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304525", "to_ids": true, "type": "filename", "uuid": "80991774-15d8-449d-ab23-d4883609e4fe", "value": "fgfgfgfgfgfg.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304525", "to_ids": false, "type": "text", "uuid": "2de3e708-7b07-40dc-8a86-ef1bfd0cd0f8", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:60/71\nFirst Submission:2026-04-20T23:16:30.000000+00:00\nLast Submission:2026-04-20T23:30:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544443", "uuid": "d1fc96d5-093e-4f65-b149-f3975c0e15dc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544442", "to_ids": true, "type": "md5", "uuid": "acc281d1-b299-4e3d-90bb-4215a24fb84e", "value": "72e66120adb7fb6987887552836692b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544443", "to_ids": true, "type": "sha1", "uuid": "80e44461-6420-4be8-b290-5b1df11fbbf6", "value": "a410a782678670b444af52b230800f4ec3888388", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544443", "to_ids": true, "type": "sha256", "uuid": "3a14d52c-e2bf-458d-8d36-9a43c94cacd5", "value": "a6d6fd1b4116e79e4ef53ea4fa84e50b34cf719a5a94786101b90c946b95243b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304547", "to_ids": true, "type": "ssdeep", "uuid": "c03dd2f0-da4e-4940-acd2-60706a59d07c", "value": "1536:/XsA65lb8nWwTkY3kPX2ahmhpMTHPSVbJteHy+IOQPIxE5sW5P1da9dlJ2dT76vO:/56rIWwZKXAhpAvgtIypOLx6PvqqT7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304547", "to_ids": false, "type": "size-in-bytes", "uuid": "d0adbf76-e38e-48cc-8a69-26505d606ce1", "value": "109568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304547", "to_ids": true, "type": "vhash", "uuid": "fbd28319-e5ae-4343-83b5-61c43491ef43", "value": "115066655d155d055018z5d7z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304547", "to_ids": true, "type": "filename", "uuid": "f9aac604-c512-4cbf-92d2-3a4e6ebdbbed", "value": "a6d6fd1b4116e79e4ef53ea4fa84e50b34cf719a5a94786101b90c946b95243b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304547", "to_ids": false, "type": "text", "uuid": "dee0d7ae-bf53-48fb-905f-acdaf57a3580", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:48:48.000000+00:00\nLast Submission:2026-04-20T23:48:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544446", "uuid": "801f688a-3192-43c3-85ae-06a7adc69b34", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544445", "to_ids": true, "type": "md5", "uuid": "84787eef-b906-4caf-8379-b03d297072d3", "value": "3022de3df62e53561874147c42a62240", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544445", "to_ids": true, "type": "sha1", "uuid": "1bc113e7-9b39-4828-bb69-47175c1fb84f", "value": "167c7812c0d1b14ebf29a453738562ab329f478f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544446", "to_ids": true, "type": "sha256", "uuid": "70d01c98-7a26-4ed7-97a1-d119c762caf9", "value": "9a099a4c8f6fc22bbf7a76cd2d9dcfcb1563c3640f629710d3027ae126259de0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304569", "to_ids": true, "type": "ssdeep", "uuid": "1a0d7d9c-254e-4a0a-9e70-37b2f604e4cf", "value": "3072:BFH9NTTYLNAcjQ9ARUjsavmSO/7njPL3cIbHD2GgNJlLJKNryouFbnk3N6VVuJ:BbNPYRhAARUIaw3MV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304569", "to_ids": false, "type": "size-in-bytes", "uuid": "19ffedbd-ce3b-4f7f-b405-595ec2d1ce1a", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304569", "to_ids": true, "type": "vhash", "uuid": "6f2cdddc-6f1c-4d82-9bf6-a3ae539bb9f0", "value": "115066655d155d055az4fnz41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304569", "to_ids": true, "type": "filename", "uuid": "b541b47d-06a0-41fd-bf22-5beae6ca6a77", "value": "9a099a4c8f6fc22bbf7a76cd2d9dcfcb1563c3640f629710d3027ae126259de0.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304569", "to_ids": false, "type": "text", "uuid": "5f518f88-bf1c-4f5b-9196-6c4162f10854", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:43/71\nFirst Submission:2026-04-20T23:49:52.000000+00:00\nLast Submission:2026-04-20T23:49:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544448", "uuid": "ace62a32-98dd-499f-9650-84c3b2bd64f2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544447", "to_ids": true, "type": "md5", "uuid": "48d9b4d5-3f7a-4b15-bc3d-0d651ca6f602", "value": "06e99955e3d4f3421508e5ddabb9353a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544448", "to_ids": true, "type": "sha1", "uuid": "3bed2c4d-95c6-4358-8689-fbb9add96d40", "value": "ca639693e9d24bdc32a6edce4f4290aac443180b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544448", "to_ids": true, "type": "sha256", "uuid": "6df182d7-a3db-43d4-a981-bac24dd76d31", "value": "d5e77fe5fc4a64c5cfd6db1ab21133e129c8f7ab180f781c6526cf1adcaf8bb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304591", "to_ids": true, "type": "ssdeep", "uuid": "3bba31a6-0db6-4aa8-921e-c31c149fff24", "value": "3072:3ME0x0yzz4G9Ge4QbpQy0pUb3OTj5YiPWm2QjcUJZQijPG3zbHTEk1pHkuAY:O0wz40eMpQy0pSJhv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304591", "to_ids": false, "type": "size-in-bytes", "uuid": "86c70216-ee56-4a91-b344-83740ed6c541", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304591", "to_ids": true, "type": "vhash", "uuid": "c6b0e505-8490-43c2-ad90-0367f831f314", "value": "115066655d155d055018z597z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304591", "to_ids": true, "type": "filename", "uuid": "eca891c4-ac49-4bbe-95d1-fba1bef85432", "value": "d5e77fe5fc4a64c5cfd6db1ab21133e129c8f7ab180f781c6526cf1adcaf8bb0.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304591", "to_ids": false, "type": "text", "uuid": "539bdf4c-1c73-40e3-9e5a-1abe2a2fc695", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:16:54.000000+00:00\nLast Submission:2026-04-20T23:16:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544451", "uuid": "cb822f39-a4ff-475f-a67d-73c726119331", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544450", "to_ids": true, "type": "md5", "uuid": "9df4ec95-6de2-4aa0-8799-1f54348f03d0", "value": "6f6ac64ea4c23976b8b6aa66c1c1fb37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544450", "to_ids": true, "type": "sha1", "uuid": "5f79d992-7505-40eb-873e-e81464fdae68", "value": "694d8ff81bed581610e4686444c640571b464d74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544451", "to_ids": true, "type": "sha256", "uuid": "8acc91ef-f829-4e76-9056-17f14c8fd200", "value": "6d08fef537ad92a618cad3efea018363d5bff84f30669747b49b5dd3789c5555", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304612", "to_ids": true, "type": "ssdeep", "uuid": "6268fbd7-ff83-4287-af32-0978bfd33b1b", "value": "1536:9+uTtrLOUnelseYw4MhLVxj5pVTH4SFcSdhn+hlLevtEJsWTrd79dl2NceVsBpN:9H5/Rngoyhj5plYAhn41ktqBzkNvst" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304612", "to_ids": false, "type": "size-in-bytes", "uuid": "52fb93f4-22b7-4f14-abc8-09037132d2fe", "value": "111616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304612", "to_ids": true, "type": "vhash", "uuid": "a8446062-4913-444e-8c89-0220f0d16944", "value": "115066655d151d055018z5fhz13z41z4az8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304612", "to_ids": true, "type": "filename", "uuid": "33367f17-2cb2-4533-a43d-93589ed07a6d", "value": "ctzh38.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304612", "to_ids": false, "type": "text", "uuid": "f10a416f-456e-4826-93ed-a3975616351c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:50:58.000000+00:00\nLast Submission:2026-04-20T23:50:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544453", "uuid": "37735641-3589-4eaf-adcf-ac52046e6865", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544453", "to_ids": true, "type": "md5", "uuid": "febd1d0f-f81d-452f-a38e-e4c6f15b9aa5", "value": "25d2ef17c88378b6428a7ed66c11f456", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544453", "to_ids": true, "type": "sha1", "uuid": "e168e8fd-34f1-4c5a-9b15-f383b60190f6", "value": "119290c08260bff74e0539164cf651e9af4f21a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544453", "to_ids": true, "type": "sha256", "uuid": "93c0af7a-bab7-465e-8c9e-6d41e7734108", "value": "184c0292f6619e5f0e9cb36f94ba43232175a6212a0ab27a17f39e73cf4fe44b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304634", "to_ids": true, "type": "ssdeep", "uuid": "c7822b09-b358-43b7-9d42-1efdb9f9300a", "value": "3072:19gVl7xAaMFlBT0S+EtKnk5sT2v3KVu6HyNOiZPU2TU2j/u7qM:I7CaMaS+cKnky2vKVu6HykiZcZ2j/u2M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304634", "to_ids": false, "type": "size-in-bytes", "uuid": "429cc53b-850f-4d40-bac8-f427cac4bc3e", "value": "241110" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304634", "to_ids": true, "type": "vhash", "uuid": "2fa99f29-e339-4e2a-a8fa-724162a0b2c8", "value": "1251375d1515151c051d1az170e5z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304634", "to_ids": true, "type": "filename", "uuid": "7aa5f5e9-3d5d-47d8-b87e-4432f22231c9", "value": "184c0292f6619e5f0e9cb36f94ba43232175a6212a0ab27a17f39e73cf4fe44b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304634", "to_ids": false, "type": "text", "uuid": "cf4e7fac-c04c-4eb1-836f-e12a956c3f67", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-21T00:47:40.000000+00:00\nLast Submission:2026-04-21T06:07:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544456", "uuid": "80986508-1b35-49dd-8c9f-8ce64ac9f99d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544455", "to_ids": true, "type": "md5", "uuid": "8af144da-e5f5-46ec-8ad4-d859165370fb", "value": "bf01a8e97c1a278f777a12f009dff1dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544455", "to_ids": true, "type": "sha1", "uuid": "7b326e0f-6794-4722-ac68-3c1474148f9c", "value": "e885b244a2a705ba2ad4f9c5103ec9a9adb68b52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544456", "to_ids": true, "type": "sha256", "uuid": "7a881656-3559-4809-bfca-a713380de286", "value": "54c094506f8286d6a01e3663a6cf395153b51a7ba9b1e1e49e5183ae54db2550", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304656", "to_ids": true, "type": "ssdeep", "uuid": "0d0054ee-d3fe-4e7d-814d-1db5618c9e93", "value": "3072:cPSVjFdvJG+LQbVA1MXloLvmSOo2iePG3ufWC+vr//T/7nM4L3zm2Q9ZVbq+b2+7:vVBdhFMVA1MVaN0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304656", "to_ids": false, "type": "size-in-bytes", "uuid": "b7bac7cc-baae-41c7-8805-b77b905672f5", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304656", "to_ids": true, "type": "vhash", "uuid": "2a0949d2-b729-44ad-b038-7733868f9c9a", "value": "115066655d155d055az56?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304656", "to_ids": true, "type": "filename", "uuid": "43a72bd6-57b0-4a54-b62b-59cd9339cb5e", "value": "54c094506f8286d6a01e3663a6cf395153b51a7ba9b1e1e49e5183ae54db2550.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304656", "to_ids": false, "type": "text", "uuid": "1aa9ea94-70b5-4f56-b5d8-1a84eb263491", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:17:18.000000+00:00\nLast Submission:2026-04-20T23:17:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544458", "uuid": "70a9b23d-15fe-4696-8fe8-14c44d95e43f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544458", "to_ids": true, "type": "md5", "uuid": "64cfbe4f-4716-49da-a810-84ff119d3a13", "value": "c74f326c985e8d19147d0a7fc740640a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544458", "to_ids": true, "type": "sha1", "uuid": "4d272ffa-7e88-4a0e-b0e9-e9594c5ecae5", "value": "96c8e11cf6665467420502dae65a7eaa8f6a9ce8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544458", "to_ids": true, "type": "sha256", "uuid": "49c3f5f8-73a1-44a2-8105-9f902adb51e8", "value": "51f4e8df8b56de1930be0c277ecf76dbe132a1138dff7fdcfc0a0d7cf0d3da45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304677", "to_ids": true, "type": "ssdeep", "uuid": "4b38ee6b-209c-4ae8-9f63-f3c2c6811ab6", "value": "3072:PlA+vkXsN6BdfY0rxDY8k3xmNkFU7PLO5GN8c:1v0suFrxkXY765+D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304677", "to_ids": false, "type": "size-in-bytes", "uuid": "ce396763-15fc-4a98-b7e7-61762a213d11", "value": "113152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304677", "to_ids": true, "type": "vhash", "uuid": "e4660619-e5d5-4d32-8a37-7a94645e24ed", "value": "115066655d151d055088z57hz13z51z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304677", "to_ids": true, "type": "filename", "uuid": "04794c35-3475-44f6-8353-3efa8dcc69be", "value": "51f4e8df8b56de1930be0c277ecf76dbe132a1138dff7fdcfc0a0d7cf0d3da45.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304677", "to_ids": false, "type": "text", "uuid": "5582720b-ecb3-4887-87a6-60a954e6d74d", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:43/71\nFirst Submission:2026-04-21T00:17:32.000000+00:00\nLast Submission:2026-04-21T00:17:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544461", "uuid": "e44b3163-e7ea-452a-8c0d-804b368ae6a2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544460", "to_ids": true, "type": "md5", "uuid": "2be845ac-53dc-41db-8d33-c10880164e09", "value": "64f9ab3ea1f1df982e11ef745db40fd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544461", "to_ids": true, "type": "sha1", "uuid": "027c4d2d-46d8-4111-b91b-c91b5e3cff16", "value": "6bd9cb79ddbdb75a3fb06873933e0f5512c4a8ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544461", "to_ids": true, "type": "sha256", "uuid": "827a8845-5ccb-4766-b80b-ce3ecc5e0862", "value": "9b1fb32254fbd31fcb8662b287d7600bf9affe5a4e2b0a753416b4351dbd9736", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304700", "to_ids": true, "type": "ssdeep", "uuid": "c87d99f1-6fe0-4f8e-a31d-6474f6d0669d", "value": "3072:CBCVl7xAaoj0S+EtKnk/sT223KVurHy9OiZPrJU2jg0/WM:B7CaogS+cKnkk2MKVurHy0iZS2jg0eM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304700", "to_ids": false, "type": "size-in-bytes", "uuid": "895c723d-6d28-47fa-9da7-01889b61476f", "value": "241093" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304700", "to_ids": true, "type": "vhash", "uuid": "afa908ee-246a-44d8-a533-a1abd74964bf", "value": "1251375d1515151c051d1az170e5z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304700", "to_ids": true, "type": "filename", "uuid": "9ca38bed-371e-4b44-9281-81e583b8cdbf", "value": "9b1fb32254fbd31fcb8662b287d7600bf9affe5a4e2b0a753416b4351dbd9736.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 26/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304700", "to_ids": false, "type": "text", "uuid": "b7bbe142-5705-4f6e-9d04-8edd191c65bd", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:50:25.000000+00:00\nLast Submission:2026-04-20T23:50:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544464", "uuid": "90b2d101-7c54-462f-b649-c33bf7f43493", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544463", "to_ids": true, "type": "md5", "uuid": "6597cd71-94f1-4581-b861-8838ab31601e", "value": "d739261408014adc87eb7328e65f0931", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544463", "to_ids": true, "type": "sha1", "uuid": "11ca4da7-256a-40ea-9b70-c3aead7a9b9b", "value": "20f2817cb1c74ae7667b0462289c833cd2993a9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544464", "to_ids": true, "type": "sha256", "uuid": "356ff82b-4df6-44a8-8870-02271e76d036", "value": "1602ef30af3b5de3f45ced75594a202a9e938a1b6e9375a210a33d269540430e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304722", "to_ids": true, "type": "ssdeep", "uuid": "e3755cd0-812e-4a9e-bc96-ebaa7fe9f02d", "value": "3072:yclT2CbShPahJB5pLWthk4xhoZgPzxw5Rg:tiC2hPW5ith77A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304722", "to_ids": false, "type": "size-in-bytes", "uuid": "af02ee1c-6105-4323-b33e-ce06124c88c0", "value": "109056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304722", "to_ids": true, "type": "vhash", "uuid": "af43dc7a-69b7-43c5-899f-0f8b011d79b5", "value": "015076655d15551d055az4fnz11z4bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304722", "to_ids": true, "type": "filename", "uuid": "2004fd81-8be7-4433-a7fb-27d49905a739", "value": "1602ef30af3b5de3f45ced75594a202a9e938a1b6e9375a210a33d269540430e.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304722", "to_ids": false, "type": "text", "uuid": "615ec078-ed34-4406-a9ba-20cee7fc3e56", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/Tedy.SO!MTB\nVT Total Detection:47/71\nFirst Submission:2026-04-20T23:18:19.000000+00:00\nLast Submission:2026-04-21T06:08:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544466", "uuid": "aedc6cb2-5dee-4542-82de-9d29abc7b9ce", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544465", "to_ids": true, "type": "md5", "uuid": "3c9bb6da-b053-4bb7-b464-519f77c87b10", "value": "80092e5b12e04aac26032be86c9c2d08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544466", "to_ids": true, "type": "sha1", "uuid": "0e7e9ca0-803b-4dcb-b601-644a32ec1f52", "value": "029717442dac82828eca5012b4cb21c234815262", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544466", "to_ids": true, "type": "sha256", "uuid": "1fe1308c-7f66-40b8-ad12-21672c0dafab", "value": "91dd099c3cfeffe1ea23d864a796c301c80544231a7988cd656030ffd1805fc5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304743", "to_ids": true, "type": "ssdeep", "uuid": "6ea4a68f-efb6-46ff-89f3-e5b0f7f54a6b", "value": "1536:92o6trLOUnelseYw4MhLVxj5pVTH4SFcSdhn+hlLQvtEJsWTrd79dl2ZcfVLtpN:9a/Rngoyhj5plYAhn41+tqBzkZaLB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304743", "to_ids": false, "type": "size-in-bytes", "uuid": "200539ec-279a-4876-8c62-2f3035ff6aed", "value": "111616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304743", "to_ids": true, "type": "vhash", "uuid": "29368728-dfc3-437b-ac4f-b50618bba931", "value": "115066655d151d055018z5fhz13z41z4az8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304743", "to_ids": true, "type": "filename", "uuid": "8b27232b-48d6-4fae-8815-bf5cb88dc1e3", "value": "91dd099c3cfeffe1ea23d864a796c301c80544231a7988cd656030ffd1805fc5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304743", "to_ids": false, "type": "text", "uuid": "7d4463bc-c51c-405f-a25c-93a2cb80d01c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:43/72\nFirst Submission:2026-04-20T23:17:42.000000+00:00\nLast Submission:2026-04-20T23:17:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544469", "uuid": "02fc7cd9-5bff-4d7a-9024-1e147c87b05d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544468", "to_ids": true, "type": "md5", "uuid": "d7cb7837-c40c-4af7-a9e2-53c2425a3306", "value": "e7c3b787c0af52dd102675ac8d398bcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544468", "to_ids": true, "type": "sha1", "uuid": "feaab0ab-fe7a-45f1-8978-0508a92dba97", "value": "89a1abbf6bdd63a927979743dfda314b571a373a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544469", "to_ids": true, "type": "sha256", "uuid": "6c3da3ca-9691-4d7c-a293-4bde06ebdd34", "value": "14f17d7c548ddf02bbe3479d133ad2241b625fde26ce5ae641b297434c23956b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304765", "to_ids": true, "type": "ssdeep", "uuid": "9396097f-25e8-493a-8ff4-df8f3cfb3333", "value": "3072:m6TeXQwDasaAmiTQhAS/xYN0D51756565rnIryHB/CWcK:/eXbuFaTcAS/0V+Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304765", "to_ids": false, "type": "size-in-bytes", "uuid": "7a4da126-cebe-428c-8109-5d6184f5e0bd", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304765", "to_ids": true, "type": "vhash", "uuid": "1a1c4d91-fc6d-4ad1-ad54-92e3031dac53", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304765", "to_ids": true, "type": "filename", "uuid": "9f50f4b1-c7e6-4548-818d-b11b0f9bc880", "value": "14f17d7c548ddf02bbe3479d133ad2241b625fde26ce5ae641b297434c23956b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304765", "to_ids": false, "type": "text", "uuid": "53beda2e-94a2-4b16-b1de-a80af74e1a89", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:25:55.000000+00:00\nLast Submission:2026-04-20T23:25:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544471", "uuid": "bc47a3b2-ae45-4680-b2fb-2ad3ffd3f886", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544471", "to_ids": true, "type": "md5", "uuid": "9b1616a9-ed52-487b-90fd-93831bedc551", "value": "9605add5043dca3eeb79e6ec47eb36f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544471", "to_ids": true, "type": "sha1", "uuid": "cc8936ca-a8b1-48c7-bcf3-b927a71b2663", "value": "d88cb622982b06e99fc0bb14b005c7dd91714868", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544471", "to_ids": true, "type": "sha256", "uuid": "67610439-aa0b-458e-83e4-62a9e5be62d9", "value": "d044df0e67952c40201d70abd676f9b4ce4b168d85ab538d269b6e55b08205a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304788", "to_ids": true, "type": "ssdeep", "uuid": "474bb754-4d4b-4671-bc29-129aadf10bce", "value": "786432:Mf+JyRKQE8zWx0GaimRmCJP251XIOXJ3w3Oukjx2tVuEmVLxleqXpsJodaZTIE/M:Msy3GavmD51X7JQZxtVuEmVLWqnav/M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304788", "to_ids": false, "type": "size-in-bytes", "uuid": "3ff65e71-ba34-441e-ae6e-469194dcaee5", "value": "66177952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304788", "to_ids": true, "type": "vhash", "uuid": "e8555c7c-fc4b-4cc6-86c2-a3b58ae42c39", "value": "067086655d556d151575557011z50700ff3z700130f1zf01111e0136030c1zb4z108" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304788", "to_ids": true, "type": "filename", "uuid": "60f4fddf-b90b-4eed-bc5e-8bc60cbc679b", "value": "OneDriveSetup.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304788", "to_ids": false, "type": "text", "uuid": "719bfeaa-079a-48a2-bb2c-8bbd82e5048c", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/69\nFirst Submission:2024-02-04T01:07:19.000000+00:00\nLast Submission:2026-04-23T06:59:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544474", "uuid": "dc42b0bb-561c-4b5c-b16b-4f5e9d949209", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544473", "to_ids": true, "type": "md5", "uuid": "2f791727-7025-49ea-b701-ace68a2b67a4", "value": "2ca1815f40b0ddc93d4d1883ae777297", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544473", "to_ids": true, "type": "sha1", "uuid": "31ce33ac-7161-4e05-80ac-90f236c5fa0d", "value": "b7482c7de51c3c62b0301986f8d116e90235706a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544474", "to_ids": true, "type": "sha256", "uuid": "391624bf-a510-477f-8578-e1e32238a3ba", "value": "20094e09a2d2778a3d17fa871c7dec42c39472dd651ad08a8910bcf26139b90d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304810", "to_ids": true, "type": "ssdeep", "uuid": "93da7325-73ef-410c-a02f-d64a2a80dc2c", "value": "3072:jBqsVl7xAaX4z0S+UtKnkvsT2y3KVujHyZOiZPzxU2jQJ8agkmM:77CaIQS+MKnk02IKVujHyYiZC2j88wmM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304810", "to_ids": false, "type": "size-in-bytes", "uuid": "b521b548-5b01-48f5-b1e1-05d00f07c1d4", "value": "241659" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304810", "to_ids": true, "type": "vhash", "uuid": "4b9897f3-934f-41bd-880d-7ae2b271a928", "value": "1251375d1515151c051d1az170e5z209bz31z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304810", "to_ids": true, "type": "filename", "uuid": "59793b6b-655b-4f1f-8877-eca64a0e1929", "value": "20094e09a2d2778a3d17fa871c7dec42c39472dd651ad08a8910bcf26139b90d.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304810", "to_ids": false, "type": "text", "uuid": "348d1e90-93e9-4ac5-b544-032b24db4c95", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:38:15.000000+00:00\nLast Submission:2026-04-20T23:38:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544476", "uuid": "22075144-a1a2-4622-b883-c6a373a7f598", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544476", "to_ids": true, "type": "md5", "uuid": "619b5c90-ab0a-46d5-96f6-9ee6bbe0f849", "value": "468d766881dd1b676a6a33dc952e9d80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544476", "to_ids": true, "type": "sha1", "uuid": "2e0d2685-7282-4a82-864b-df5d6a69e402", "value": "e43cfd11184a36e9f0087714718505aa6eb62493", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544476", "to_ids": true, "type": "sha256", "uuid": "df8d1616-685d-48f5-a588-9eeccd397478", "value": "e60aaad86f7b34683979a9391aa31333207c6011d96b9fa2cfef262f6ee6c4ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304832", "to_ids": true, "type": "ssdeep", "uuid": "9bd35d51-ea73-4548-9904-8722d0c75bc3", "value": "3072:Gtd4yN6xpAqJQVAvfhxtTrB7ijPGyuIWC+vm//O/2iePL3zfbHsYrXTGWwd51pyV:qdJkTB4Anh/uXdvl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304832", "to_ids": false, "type": "size-in-bytes", "uuid": "346754ee-671d-43ac-a9cd-330443eabb01", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304832", "to_ids": true, "type": "vhash", "uuid": "8887f859-c32e-439f-b547-281380323065", "value": "115066655d155d055048z4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304832", "to_ids": true, "type": "filename", "uuid": "9cd2eb2c-f90c-4466-8f55-85325b731daf", "value": "e60aaad86f7b34683979a9391aa31333207c6011d96b9fa2cfef262f6ee6c4ef.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304832", "to_ids": false, "type": "text", "uuid": "5cc25d14-4c2a-47f4-80ea-aa1fd86c186c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-21T00:17:32.000000+00:00\nLast Submission:2026-04-21T00:17:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544479", "uuid": "dab59d1f-5079-4331-a95f-b847198d8a2a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544478", "to_ids": true, "type": "md5", "uuid": "e5c9d3f6-1980-47c7-99ae-6e9fe30fa2d0", "value": "b842844f644dc02617a0e44c51bfb367", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544479", "to_ids": true, "type": "sha1", "uuid": "7b208b4a-4891-49fc-b82a-5e4a8c036555", "value": "cdccc6239ce4a03bd007a769eaca7dc9be3473e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544479", "to_ids": true, "type": "sha256", "uuid": "bcce0fc4-6747-4d6c-b4e3-100e9b013711", "value": "f2424e535170ac66b9e0d1650dc6a21f847dfb8e8ed0f04d514f63efd6fe3952", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304853", "to_ids": true, "type": "ssdeep", "uuid": "b1742f6f-c6b0-47f5-a8ff-3883604037b2", "value": "3072:g6AriAfIJGupGCBQbfQMPOGQ//GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWCMH:+fSGwDMfQMP5hb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304853", "to_ids": false, "type": "size-in-bytes", "uuid": "70eca775-0578-462a-bc7e-446746e827a0", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304853", "to_ids": true, "type": "vhash", "uuid": "3ca0f5cc-1f01-40b8-bf8d-c61f3a8b0a1d", "value": "115066655d155d055az567z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304853", "to_ids": true, "type": "filename", "uuid": "1ecd0a15-3c5a-4c30-ba73-218ae48dc29e", "value": "f2424e535170ac66b9e0d1650dc6a21f847dfb8e8ed0f04d514f63efd6fe3952.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 26/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304853", "to_ids": false, "type": "text", "uuid": "dcdb8e99-d217-46f3-b65f-3a6ace2e0ddc", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-20T23:18:28.000000+00:00\nLast Submission:2026-04-20T23:38:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544481", "uuid": "0e64db62-ee0c-4eba-b610-0aa63b9b989b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544481", "to_ids": true, "type": "md5", "uuid": "5614ff5d-d714-4545-b702-39ff71c9f391", "value": "819b3ae0be7eb52c00542d8970e976ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544481", "to_ids": true, "type": "sha1", "uuid": "9764ded2-1cfb-4f02-8a29-2efb6da5f5bc", "value": "2f481d5e55186ce04126ebc471eb967b94565b2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544481", "to_ids": true, "type": "sha256", "uuid": "80d634ce-98d8-461e-b1f5-d02a8018703d", "value": "86df162cc93277e058356e566ba9e03266893c80c24bf647a27389348b68ab71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304875", "to_ids": true, "type": "ssdeep", "uuid": "42a4efeb-1b5f-41f7-bc91-27fed07cc4db", "value": "3072:Dms3xVQJHpLHQunwH4l1jd2eckVPxIiTKA:zxWRiuwUL2G" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304875", "to_ids": false, "type": "size-in-bytes", "uuid": "0d991805-335c-4671-84ac-dece0fb7a390", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304875", "to_ids": true, "type": "vhash", "uuid": "ef5666e5-9ac9-48bc-b6fc-34676838c944", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304875", "to_ids": true, "type": "filename", "uuid": "721c98d7-711e-4ac2-bffb-1af42cf72795", "value": "86df162cc93277e058356e566ba9e03266893c80c24bf647a27389348b68ab71.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304875", "to_ids": false, "type": "text", "uuid": "52c7685d-c624-4611-85f2-115618dadd90", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:57:55.000000+00:00\nLast Submission:2026-04-20T23:57:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544484", "uuid": "f716b3da-8184-4f5a-bf0e-6aa2ec032f9e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544483", "to_ids": true, "type": "md5", "uuid": "f058059b-f74b-432d-b2b4-22baae4c3a52", "value": "0ea492234b8a9873dc732934e4909f83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544484", "to_ids": true, "type": "sha1", "uuid": "9ef2b8ae-63dd-41c5-821b-d677f82a3728", "value": "6b5ce4e142741f1efe85f17560c19d426b90aee5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544484", "to_ids": true, "type": "sha256", "uuid": "f9631522-de72-4f90-81c0-66152b5aba2f", "value": "3df7e9107ea51e1067cdfe337c026b2bd0c4395c00fdd394365f24da50489ab5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304897", "to_ids": true, "type": "ssdeep", "uuid": "2bdb716a-67cc-42e6-aec5-0ac6c367bbb1", "value": "1536:96YakTwPMFZYQ46x6Fu3DpGTHASUVjLLJBqd5tEJsWTrdj9dl7h8GQVI:9yXPMsoF3Dp+g9LLrqLtqB7duGQV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304897", "to_ids": false, "type": "size-in-bytes", "uuid": "50636287-3f45-4796-848d-4a2959217c05", "value": "111616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304897", "to_ids": true, "type": "vhash", "uuid": "73a5db72-c336-4e45-b7e7-0f3ede81cf5f", "value": "115066655d151d055018z5fhz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304897", "to_ids": true, "type": "filename", "uuid": "391fcf55-1ddd-4b63-a2a2-881ea3615c4b", "value": "3df7e9107ea51e1067cdfe337c026b2bd0c4395c00fdd394365f24da50489ab5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304897", "to_ids": false, "type": "text", "uuid": "141c3c4c-4eb9-4df9-8e14-899aa3fad2d2", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:18:53.000000+00:00\nLast Submission:2026-04-20T23:36:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544487", "uuid": "cfc167f8-2e02-46b5-b738-cb6ff3d1f433", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544486", "to_ids": true, "type": "md5", "uuid": "f595e521-4f33-46d7-be2b-878964315757", "value": "dfc30c27b902bcc7b03dc54929ad54e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544486", "to_ids": true, "type": "sha1", "uuid": "7aa63279-550e-4045-a8e0-20534eee74b5", "value": "66d49b6ac1debec1bb3d1d8357e3b950152f515e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544487", "to_ids": true, "type": "sha256", "uuid": "7634bcd0-befd-47a5-a4b0-536cb99c312e", "value": "0f36122ac39cc9bd526d5c414939f72841d1c7495e16990f5cd24dbaa0864f79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304918", "to_ids": true, "type": "ssdeep", "uuid": "c4bceeb4-d61f-47e7-a39a-f9a6769d226f", "value": "3072:yJrVFRNobqYigGFvQbS5QP2FVZfVQq14KckVPxIiTGpy:6oeYtuMS5u2jXsy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304918", "to_ids": false, "type": "size-in-bytes", "uuid": "7db0afcb-cd1d-4a5b-80c7-99923f8e959f", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304918", "to_ids": true, "type": "vhash", "uuid": "34101b60-938e-49aa-8913-b5192de518f3", "value": "115066655d155d055018z5c7z2095z13z4dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304918", "to_ids": true, "type": "filename", "uuid": "25bfe386-6c5b-4b2d-919f-5705065469a1", "value": "0f36122ac39cc9bd526d5c414939f72841d1c7495e16990f5cd24dbaa0864f79.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304918", "to_ids": false, "type": "text", "uuid": "93ae9365-4bf0-423f-8258-89a031984000", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:19:18.000000+00:00\nLast Submission:2026-04-20T23:48:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544489", "uuid": "9eb4f99d-669f-4205-8e4d-17b4f5a2bccc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544489", "to_ids": true, "type": "md5", "uuid": "01075815-22ab-4fc8-a180-cef71328f769", "value": "51e78c20682e05f93fdd911531217711", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544489", "to_ids": true, "type": "sha1", "uuid": "d755e6d5-f9f4-4cad-981a-ab24b89af97f", "value": "9c0723d56cb3fb9e144af29dc5fbbcb2cb8761ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544489", "to_ids": true, "type": "sha256", "uuid": "5f8edd2d-d369-45d5-8cee-c21d8909279c", "value": "0cf1d46ebb1eebd5bf79489157f02aa719d5b50445f3eca3fac20f3cb0a581e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304940", "to_ids": true, "type": "ssdeep", "uuid": "40477af4-8de1-401c-9133-625a0656e051", "value": "3072:TldHpV7E/49XAvqTadUWKYwjgMFWU/IPeiIoDav:f7E/eAvCMZwjgAWglkav" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304940", "to_ids": false, "type": "size-in-bytes", "uuid": "34d16d96-2f9a-472c-a32d-775978721212", "value": "118272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304940", "to_ids": true, "type": "vhash", "uuid": "eab2317a-22a3-4d27-812e-a42e0958cd8d", "value": "115066655d151d055098z647z2095z13z51z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304940", "to_ids": true, "type": "filename", "uuid": "cf7a256f-ddba-4350-95e9-d4eaca20427e", "value": "0cf1d46ebb1eebd5bf79489157f02aa719d5b50445f3eca3fac20f3cb0a581e8.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304940", "to_ids": false, "type": "text", "uuid": "9f9fe165-6256-4007-8381-45aa1682a57c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:32/71\nFirst Submission:2026-04-20T23:51:01.000000+00:00\nLast Submission:2026-04-20T23:51:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544492", "uuid": "51e88b79-4994-40de-9ec9-59baefde197b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544492", "to_ids": true, "type": "md5", "uuid": "7ae87c51-d99d-4ae4-b101-aada8b9c5099", "value": "d7060712a36006e9cdda203b6473d4da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544492", "to_ids": true, "type": "sha1", "uuid": "c7e8fe1d-cc5f-4cd4-a3ef-cd9cf37b0dd9", "value": "a320f95c06bdd694abb982e1984a0d9f58525065", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544492", "to_ids": true, "type": "sha256", "uuid": "fde9580b-6eec-42c4-a140-f8ea926ee3c4", "value": "56550f342e1297e389a1a62fe3fee82234fab130838682b2d6da0b4ac8965ca8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304962", "to_ids": true, "type": "ssdeep", "uuid": "b8d688ae-2e45-4b82-8b60-1e99eafd4c60", "value": "3072:Lq3qp8VeI6CQVOuHIicGmvTpIS/GWmATME5JAST/2njLhbC3G1MSzoQsxOZ0HCll:LlWVHsOuHPcTDzU/K" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304962", "to_ids": false, "type": "size-in-bytes", "uuid": "13fa43ab-df44-417d-a77c-a58c1ea005ec", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304962", "to_ids": true, "type": "vhash", "uuid": "73c3fcfd-9b36-483f-8d5a-607ea1fbe4a1", "value": "115066655d155d055az57hz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304962", "to_ids": true, "type": "filename", "uuid": "8e1259a0-2e80-4be5-aba7-4dce4413e188", "value": "56550f342e1297e389a1a62fe3fee82234fab130838682b2d6da0b4ac8965ca8.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304962", "to_ids": false, "type": "text", "uuid": "5efde550-f3c0-44f9-804b-7db60de95b11", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:47/71\nFirst Submission:2026-04-20T23:19:42.000000+00:00\nLast Submission:2026-04-20T23:38:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544495", "uuid": "a2f7ac0a-0683-4299-a490-bcdd27f364c7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544494", "to_ids": true, "type": "md5", "uuid": "87062e84-4b32-4839-bd69-86e5176cb1bf", "value": "336321ab21e0255ff79e56907ced35e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544495", "to_ids": true, "type": "sha1", "uuid": "199a0aef-1115-47df-9a23-321d9a6ce049", "value": "883339cea7e584e195fb9f7cc3ec33463281a0ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544495", "to_ids": true, "type": "sha256", "uuid": "e6128035-d6b4-43ee-83d2-1f3127ef23b9", "value": "6e8a6741f6cabd174389ce0ac693c2712aa7aca9bd697e9a3eba975bba985b46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777304984", "to_ids": true, "type": "ssdeep", "uuid": "8af95087-e59c-4791-831d-c6aa90de8b24", "value": "384:opaJuqQYbqjpk972V7/AqBZB1FOmLpM4vh0FbOKTCOQKFRApkFTBLTAOZwpGd2vY:d16zY0FPC4vGFbO75KFVFo9j+Ojh+b9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777304984", "to_ids": false, "type": "size-in-bytes", "uuid": "5d1e1d5e-c5e1-40fc-a32a-79e9d02f3219", "value": "33280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777304984", "to_ids": true, "type": "vhash", "uuid": "fd9efe59-9317-409e-b189-04004cfcf1c2", "value": "234036551511707729110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777304984", "to_ids": true, "type": "filename", "uuid": "8a125a72-aa42-4601-a0ca-95e9cc5d3e6e", "value": "XWormClient.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 26/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777304984", "to_ids": false, "type": "text", "uuid": "5598fce2-be4b-497c-b129-fbf44c5c874b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:59/71\nFirst Submission:2026-04-21T00:49:10.000000+00:00\nLast Submission:2026-04-21T00:49:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544498", "uuid": "5c15d118-18a3-4f82-b9c4-ac49fd6e6523", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544497", "to_ids": true, "type": "md5", "uuid": "f43836d9-68dd-4fe9-be62-6d49ea17d4b5", "value": "d28299eb39c650d022eababe083c9371", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544497", "to_ids": true, "type": "sha1", "uuid": "3351018d-f3ef-479b-a5b3-f90310c6a85d", "value": "e4ffb591a7bb3b703aa8157c6a1606c8e767f8e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544498", "to_ids": true, "type": "sha256", "uuid": "268563ce-74bc-47d2-bd38-3d21a509f2b9", "value": "2ea66b021040e3ced5627a1f29021c8c7bad3835f01838ee697beabf37a3563f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305005", "to_ids": true, "type": "ssdeep", "uuid": "218fe680-4aa2-4e8a-a017-343cdd17e41d", "value": "3072:vfY7KjldW8rx5mGpJQb05G3JbLXNVQezDZ4Cv2GWwsOdJSlOLds:vfFddrxQwM05G3RLLP5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305005", "to_ids": false, "type": "size-in-bytes", "uuid": "dfd05fb9-b8b3-4b1d-8af4-395a9f07f9ec", "value": "109056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305005", "to_ids": true, "type": "vhash", "uuid": "6942802e-2c42-4c3f-82e5-e794e21ce468", "value": "115066655d155d055az5a7z2095z13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305005", "to_ids": true, "type": "filename", "uuid": "515bd2e2-2c06-4a49-b09b-d1bcad47a3c4", "value": "2ea66b021040e3ced5627a1f29021c8c7bad3835f01838ee697beabf37a3563f.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305005", "to_ids": false, "type": "text", "uuid": "9e69bb06-91e3-47a4-8956-0d1ad05f919f", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:15/72\nFirst Submission:2026-04-21T00:51:45.000000+00:00\nLast Submission:2026-04-21T00:51:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544500", "uuid": "7c2422ec-9b1e-4529-aae7-c0f413cdcf26", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544500", "to_ids": true, "type": "md5", "uuid": "e22be98a-0f18-47ec-bf1c-1c499b241917", "value": "73fd69ddd840c35a946ae81f22a67f80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544500", "to_ids": true, "type": "sha1", "uuid": "920fd25f-a8e7-4527-823d-f85e3f7c371d", "value": "26aec97faeaa3d3634a47abc472dd45c331a3222", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544500", "to_ids": true, "type": "sha256", "uuid": "26b04644-8f87-4f7b-a0fa-c50ea1da4534", "value": "aca5a4791b1efd6b8a20ee73aa20afdde6810b5511b327cf236a4a63e15d279c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305027", "to_ids": true, "type": "ssdeep", "uuid": "93d37b50-3f62-47ca-8555-4e7907ec2a72", "value": "1536:BW7n7MpYn2HmZ+idOQMT5oy/x0va6RSK/KgiNa6vR14tZ7aI2gyOCaxKr9DkhtAq:BvoySvaBVKekyLWT0HVKek5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305027", "to_ids": false, "type": "size-in-bytes", "uuid": "96d99252-f583-4c49-89de-3cb32cd6d7c6", "value": "139776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305027", "to_ids": true, "type": "vhash", "uuid": "0781be08-aacd-4189-b24e-1203550f174d", "value": "21503675651360723b443250" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305027", "to_ids": true, "type": "filename", "uuid": "24b6843f-3667-4798-bff9-50f3c2893c45", "value": "NK NotePad.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305027", "to_ids": false, "type": "text", "uuid": "f40ffb0d-84eb-44ba-b04c-889317c6948a", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/71\nFirst Submission:2025-05-02T07:23:48.000000+00:00\nLast Submission:2026-04-22T15:19:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544503", "uuid": "efca5d1c-7a9f-4719-a249-0c39b99a25ed", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544503", "to_ids": true, "type": "md5", "uuid": "f0d7d6db-575b-467b-8010-d5d3d12353e7", "value": "a3cf6aa01fad5a1c8214e8ae752a2da7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544503", "to_ids": true, "type": "sha1", "uuid": "38772652-1509-43b1-96b7-c8fe05e33b47", "value": "050d8c064e12f9e0a5bb31766d3c5c3a8641ac0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544503", "to_ids": true, "type": "sha256", "uuid": "30fd7410-4f9b-4319-9f61-40aa10bf16f9", "value": "f10acdceee4f0e472ac60b1b0e68cace74cce08056e48b1534d6f2af218f0b32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305049", "to_ids": true, "type": "ssdeep", "uuid": "686b3b1f-2a11-4a52-b472-3a903cec5733", "value": "768:w16zY0FPC4vGFbO75KFVFo9j590OjhIbZ:M6zYH4+bO75KnFo9jQOjWF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305049", "to_ids": false, "type": "size-in-bytes", "uuid": "ab39ffa6-71c4-4ba9-be04-f402db8acda0", "value": "33280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305049", "to_ids": true, "type": "vhash", "uuid": "233411b0-7b4d-4733-81c7-e6b4e757c804", "value": "234036551511707729110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305049", "to_ids": true, "type": "filename", "uuid": "d4f69244-cb66-4353-ac90-4d9869973bc5", "value": "XWormClient.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305049", "to_ids": false, "type": "text", "uuid": "efa3592b-471a-4d54-936b-f5c806d9dfb5", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:62/71\nFirst Submission:2026-04-21T00:52:51.000000+00:00\nLast Submission:2026-04-21T00:52:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544506", "uuid": "df8b5a87-63da-4cb6-af03-8e9eb5f64660", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544505", "to_ids": true, "type": "md5", "uuid": "2b4d938a-8e61-4848-8471-2cfec837bcf4", "value": "13105cd999ff4cf7e7cb0ebc5d294297", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544506", "to_ids": true, "type": "sha1", "uuid": "0d15e8de-c92a-43e4-b858-7d6f038ef99c", "value": "9f0d7ea74cb9f9b865f389a1e0cc243aac82fe09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544506", "to_ids": true, "type": "sha256", "uuid": "274eb9fb-22e1-4d4f-a102-69f11f955406", "value": "f8c92ec4d4ecedc0c234c793b03adf371801c283602a637586e78fa3bb661a1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305071", "to_ids": true, "type": "ssdeep", "uuid": "f0fb0b92-c5e8-4df6-b5f3-fefac82ccc62", "value": "3072:NyMA45KbE+c6GsOEQbQwWKqe9L2Q9ZVbZaZaLEt3LPRkw9vu:N84gbE+5hMQwWKBEZ9vu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305071", "to_ids": false, "type": "size-in-bytes", "uuid": "2be98ff6-cdb7-40f4-9e10-79868c5d7451", "value": "104960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305071", "to_ids": true, "type": "vhash", "uuid": "d65f1392-10df-4265-8666-9a5d3616283f", "value": "115066655d155d055az51nz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305071", "to_ids": true, "type": "filename", "uuid": "2afbff56-43f0-47cc-9b92-f7be70064c0d", "value": "f8c92ec4d4ecedc0c234c793b03adf371801c283602a637586e78fa3bb661a1f.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305071", "to_ids": false, "type": "text", "uuid": "9b2a5e8d-3de6-4eb2-8570-b632b5f7e5ac", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:36:40.000000+00:00\nLast Submission:2026-04-20T23:36:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544509", "uuid": "81e3bd89-3369-443b-a529-6d744ffcdeb3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544508", "to_ids": true, "type": "md5", "uuid": "618665c0-391c-47da-9b17-a71d4e1f9281", "value": "ab0df05e39bd73f4adade8fdc21a1f25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544509", "to_ids": true, "type": "sha1", "uuid": "2f0bd12d-285b-47da-a62c-a6db3d3a8baf", "value": "b12c2771c040f6175902ec5941ffd09748f87ed3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544509", "to_ids": true, "type": "sha256", "uuid": "afb966f5-da4b-4a93-af4f-0485fd0f191f", "value": "020aac79a14717e316a593155ca778dd3e253b888bf62633b174838d35df7f41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305093", "to_ids": true, "type": "ssdeep", "uuid": "7845d4cc-21a0-4c25-9455-bf39b381fd81", "value": "98304:65zMfaTDdMIOZhgAOgp4GMFBgPaJ+nHmf9ViPf:6O0ZMVuAVfMAM+HmFcf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305093", "to_ids": false, "type": "size-in-bytes", "uuid": "4e321686-ac88-490e-9979-28484e229425", "value": "3648408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305093", "to_ids": true, "type": "vhash", "uuid": "d6a29844-4dc5-45d2-ad6a-ac6744526334", "value": "036086665d1c0d1c0515103016z2az3bz4fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305093", "to_ids": true, "type": "filename", "uuid": "1f30b2e2-e4f7-49a6-98ea-856a2f8e5e6e", "value": "UltraViewer_setup_6.6.124_en.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305093", "to_ids": false, "type": "text", "uuid": "db58f7ad-1459-4a94-b308-7731423511c2", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2025-07-19T10:10:33.000000+00:00\nLast Submission:2026-04-27T14:40:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544512", "uuid": "95039255-afc8-4498-93bc-58d6917c045b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544511", "to_ids": true, "type": "md5", "uuid": "2744e4ca-76ac-47aa-abd6-386ea9b7ad0d", "value": "7da8a12c378d0d274646017b4e4306ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544512", "to_ids": true, "type": "sha1", "uuid": "6d30acce-a5e2-4d6b-8469-99a5b7586829", "value": "e07771baa0b64ddf631c427014fbcbeb2e50bd72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544512", "to_ids": true, "type": "sha256", "uuid": "0e69500f-e348-404f-885b-51ee3143e8b3", "value": "87b4a42cdd6bf6d4a97e744dd67afef6f35b7ce7355ce8bd00b94613d67a8839", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305115", "to_ids": true, "type": "ssdeep", "uuid": "c9a15eae-6c7a-4e7c-a372-a840472f3082", "value": "3072:7td4yN6xpAqJQVAvfhxtvrB7ijPGyuIWC+vm//O/2iePL3zfbHsYrXTGWwd51pym:hdJkTB4Anh/KXLoZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305115", "to_ids": false, "type": "size-in-bytes", "uuid": "d2f320bf-7292-4e63-b847-358b73817ef3", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305115", "to_ids": true, "type": "vhash", "uuid": "1ee0c3eb-69fb-4428-8557-ae40853c7495", "value": "115066655d155d055048z4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305115", "to_ids": true, "type": "filename", "uuid": "7e1f27c9-f063-44b0-a77d-e8e9b0a7db62", "value": "87b4a42cdd6bf6d4a97e744dd67afef6f35b7ce7355ce8bd00b94613d67a8839.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305115", "to_ids": false, "type": "text", "uuid": "cfe6fb2e-7fac-425a-b8c5-84513f42dd1d", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:39/71\nFirst Submission:2026-04-21T00:17:31.000000+00:00\nLast Submission:2026-04-21T00:17:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544516", "uuid": "a9c3d509-fb9e-4adb-88e1-ef23b33561af", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544515", "to_ids": true, "type": "md5", "uuid": "8a917c6c-8e4b-409e-bb5d-898acf07f213", "value": "316423059549edf3a82b722c0d322fe6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544515", "to_ids": true, "type": "sha1", "uuid": "46784935-8208-4e8c-8d63-1dc5bf42540d", "value": "ebffefc5d68fa7b2cf1ff76dca2933b1b47fd0ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544516", "to_ids": true, "type": "sha256", "uuid": "367ff177-0fbb-4e4c-927f-50cada497aff", "value": "f1db698c68543c49d9a19e5725e72a96535a06e787915076d55dfe960a770f8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305136", "to_ids": true, "type": "ssdeep", "uuid": "b8eb616e-1f15-4551-83a0-75df3bedbafe", "value": "98304:yOL+jxb7547PfJPowFhAcLQvdfYpx5D3O:yOijxP5yAcEvdAP3O" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305136", "to_ids": false, "type": "size-in-bytes", "uuid": "4b603817-97cd-4b20-ae11-282e5f19b90b", "value": "5074848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305136", "to_ids": true, "type": "vhash", "uuid": "f07c4ae4-3513-441d-a1f6-4442fce56208", "value": "056076655d556515755283z12ze23zf1z12z1f1z2041zd033z16z4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305136", "to_ids": true, "type": "filename", "uuid": "53fd5163-a19a-40c4-8ada-d0ea5858b36e", "value": "CCleanerBugReport.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305136", "to_ids": false, "type": "text", "uuid": "20ed0466-2ee5-4d1d-84f8-e1f6a22b86b6", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2024-06-07T10:17:36.000000+00:00\nLast Submission:2026-04-23T06:59:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544520", "uuid": "0e9a2f8e-bd81-45df-8c4e-3d9a8ee7bac9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544519", "to_ids": true, "type": "md5", "uuid": "25de3797-0f3a-4e80-9004-0ce64d4b3ba4", "value": "b3d6fa78ea0c865ded44fed1f76a8617", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544519", "to_ids": true, "type": "sha1", "uuid": "06c7bcf6-cdc5-4605-bed2-fb505e5a82e6", "value": "9199f9a769e7877a77592d878ee4e2da520d4377", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544520", "to_ids": true, "type": "sha256", "uuid": "13b048be-dc06-4675-9d89-3f71bf0f2573", "value": "911c4dca2247dd958c8a9a43b080c9909658a77f497af907b7985ec1b438621c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305158", "to_ids": true, "type": "ssdeep", "uuid": "940e5287-2164-4930-b85f-87ce1df89925", "value": "3072:YZq1+3s6dpqMdOwRZIVBHIBEVJsBcHDb7:p+tdHnZIPF9jH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305158", "to_ids": false, "type": "size-in-bytes", "uuid": "f2faf393-290e-4820-b295-560b14df69b2", "value": "113152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305158", "to_ids": true, "type": "vhash", "uuid": "8226c3dc-8bd7-4303-a8e7-04312e43d5e6", "value": "115066655d151d055088z58hz13z5ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305158", "to_ids": true, "type": "filename", "uuid": "95c7aa46-3541-4ae3-8c9b-3ce3ecc18505", "value": "911c4dca2247dd958c8a9a43b080c9909658a77f497af907b7985ec1b438621c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305158", "to_ids": false, "type": "text", "uuid": "e8d7d18c-e1ad-451b-9a84-6212a5d5b64a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:32:07.000000+00:00\nLast Submission:2026-04-20T23:32:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544523", "uuid": "431e79b1-89cf-4547-a3c5-a63905b92bb1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544523", "to_ids": true, "type": "md5", "uuid": "f5bc9641-c61d-4fa2-8447-802cb0c0f766", "value": "a69be64e8c0cfc997c849f720a211ccf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544523", "to_ids": true, "type": "sha1", "uuid": "20a83576-6cca-4c7c-9ef6-7b918ff62f48", "value": "d57b156cc5c6e0dc020b08d81bb5f6cfd34190cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544523", "to_ids": true, "type": "sha256", "uuid": "f38cf2cb-d1c0-42e8-aa41-d45cff4a4d5f", "value": "7fd36bb8a300025b7f2a19c1ba3717de1f4528c943847af1f45d96d05421bc71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305180", "to_ids": true, "type": "ssdeep", "uuid": "2add8264-4deb-4c3e-849c-826df9ac0d49", "value": "3072:cpZR96uepIniy8oKt6VQezDZ4Cc1x5qV+K2aK:SRMvZy1Kxdmf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305180", "to_ids": false, "type": "size-in-bytes", "uuid": "737dfe28-50eb-4fca-983f-427c23dbf01d", "value": "109568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305180", "to_ids": true, "type": "vhash", "uuid": "92e5bb05-6910-47fd-b884-3a4268f50927", "value": "115066655d151d055018z5bnz31z49z10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305180", "to_ids": true, "type": "filename", "uuid": "2d671236-abb0-44a3-b39b-bf85d13b23d7", "value": "7fd36bb8a300025b7f2a19c1ba3717de1f4528c943847af1f45d96d05421bc71.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305180", "to_ids": false, "type": "text", "uuid": "b4aef026-8037-46cf-90a5-b026b1d54d6a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:40/72\nFirst Submission:2026-04-20T23:48:55.000000+00:00\nLast Submission:2026-04-20T23:48:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544527", "uuid": "36f840a1-6d46-404e-ae6a-1aaa5524cb59", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544526", "to_ids": true, "type": "md5", "uuid": "6adb60f4-8470-41af-b552-5f908fa6be97", "value": "b62be21a2ee54b9577768b100b6061a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544527", "to_ids": true, "type": "sha1", "uuid": "0a4bc30d-e395-495f-a0a2-9b81bc171ccc", "value": "c39362d1a03d48b97c5a7edca16972705a985baf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544527", "to_ids": true, "type": "sha256", "uuid": "aa0eeae1-32c2-46ac-b14d-1041a60492d8", "value": "1bf06a7957a65f5b54dfd34a1fa484215bc2fdb7892bfd1ebf07c47291b6da6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305202", "to_ids": true, "type": "ssdeep", "uuid": "7657b1bd-8752-40e0-86d8-8dddff260caa", "value": "3072:ZnhriAfIJGupGCBQbfQMPOGQp/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWCMM:ZfSGwDMfQMP5P7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305202", "to_ids": false, "type": "size-in-bytes", "uuid": "def0b85b-8eb3-404a-b9d4-14256279ef8a", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305202", "to_ids": true, "type": "vhash", "uuid": "b0d8262e-0bf2-4132-9d46-3291130cd9fb", "value": "115066655d155d055az567z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305202", "to_ids": true, "type": "filename", "uuid": "d197156a-4732-4439-aaad-f2dbfd9f2f13", "value": "1bf06a7957a65f5b54dfd34a1fa484215bc2fdb7892bfd1ebf07c47291b6da6c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305202", "to_ids": false, "type": "text", "uuid": "3915e5b2-c7be-4a1c-b8ae-af947f21a24d", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:32:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544530", "uuid": "7460abc8-17fb-4d6e-b851-5580846ce7db", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544529", "to_ids": true, "type": "md5", "uuid": "9b6e4bd3-981b-442d-8cbe-546baca5f3d8", "value": "3201f19c0bb2ddf430ae6da4d30a8cd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544530", "to_ids": true, "type": "sha1", "uuid": "49051e57-0adc-4882-a26e-b21850b91f4b", "value": "9215d1233d6110b156480cc70d79afdf49181d37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544530", "to_ids": true, "type": "sha256", "uuid": "80e2bbd5-82a4-4d7c-a486-5285bc9b2f60", "value": "c73947cf188f442bed228f62a3ba5611009fdc2f1878aaed7065db95ede05521", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305224", "to_ids": true, "type": "ssdeep", "uuid": "622d64c4-8838-4411-a1f0-f593fab5b3d9", "value": "3072:yB0ckVPxIiT8Vl7xAaEt0S+0tKnkBsT2Z3KVuGHyKOiZPCPU2jJIB83kVPxIiT/M:K7CaEuS+sKnka2NKVuGHyLiZd2jJIbM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305224", "to_ids": false, "type": "size-in-bytes", "uuid": "318ef2a6-6994-4332-80b6-92dea8ea4dd6", "value": "243204" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305224", "to_ids": true, "type": "vhash", "uuid": "4ed3f5c6-4a2d-444d-9757-413a7d8ed069", "value": "1251376d1515151c051d1az170e5z209bz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305224", "to_ids": true, "type": "filename", "uuid": "8265cb89-d2e7-4bf2-b761-7a10eacd49d1", "value": "c73947cf188f442bed228f62a3ba5611009fdc2f1878aaed7065db95ede05521.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305224", "to_ids": false, "type": "text", "uuid": "bddf63f2-fd91-4388-abe1-6deaf1a263a8", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:17:46.000000+00:00\nLast Submission:2026-04-20T23:17:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544533", "uuid": "c067b3c7-9d72-4c74-bb1f-8480414a9df3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544532", "to_ids": true, "type": "md5", "uuid": "e2ac1343-520c-4e32-b78e-0d3cb08d34b7", "value": "6495b872377af7d565e80d197c72880d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544533", "to_ids": true, "type": "sha1", "uuid": "d3141fd4-77a7-44d4-be63-a9e7eefa0708", "value": "3eb2368a5eaf858b043efe12205aa98ce4ec6ea2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544533", "to_ids": true, "type": "sha256", "uuid": "459fd7f3-5e2a-438b-b8c0-71b20aad86ab", "value": "e961928a98071cfafc928d15f7e9e6a648f1b0eeabfc1959985c722771ae358b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305245", "to_ids": true, "type": "ssdeep", "uuid": "ca2235d2-637e-42f5-8d25-e02904a5ffbc", "value": "1536:qRRnUd2dai4PMqIylhfmWv+kf2ANopP1wPbmWrnicRCXGfn2AHF:qPUsdai1qI6RWkuANoV1wSWrKIPH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305245", "to_ids": false, "type": "size-in-bytes", "uuid": "ff021c8a-def6-40b2-a94f-9df814c1a448", "value": "84480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305245", "to_ids": true, "type": "vhash", "uuid": "7eb0c17b-32e6-4901-b15d-2f95f7e61b7b", "value": "08403f7f5d1019z2nz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305245", "to_ids": true, "type": "filename", "uuid": "55f8d488-2840-4fe5-8c40-16b80e6ee489", "value": "e961928a98071cfafc928d15f7e9e6a648f1b0eeabfc1959985c722771ae358b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305245", "to_ids": false, "type": "text", "uuid": "5a1a1b56-2bf5-4b83-993d-2dabf5acdb50", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/KeyLogger.LM!MTB\nVT Total Detection:56/72\nFirst Submission:2026-04-22T05:21:25.000000+00:00\nLast Submission:2026-04-22T05:21:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544536", "uuid": "06967e4e-d2b3-4f62-bdc0-4faa7cda87a8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544535", "to_ids": true, "type": "md5", "uuid": "93101fe7-a0e3-4b8b-9c50-01be22245b8a", "value": "c45411a7a6fc1fb3448709962639d854", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544535", "to_ids": true, "type": "sha1", "uuid": "0c4464e9-d6ad-4a4d-ad2f-712443db0c9d", "value": "62d42ff36ea8f7bc34c5dfb5aaf27e0c61bfae3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544536", "to_ids": true, "type": "sha256", "uuid": "1e0c7291-2791-4888-abd8-92ff489070a7", "value": "60a5546114afc6e1f965d16b327eaa41f6a0f3b6a9af4eec20559c54e06f7c09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305267", "to_ids": true, "type": "ssdeep", "uuid": "73f46f4e-b14f-4b8e-81b1-98aa49b255c3", "value": "3072:VXz3QQah85ZpA4rwgw3LVVQezDZ4Ckx5qVHckVPxIiTlpDi:VXLaabDw53Y4hi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305267", "to_ids": false, "type": "size-in-bytes", "uuid": "642dfc77-d781-4ff1-a916-7ac2688dc307", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305267", "to_ids": true, "type": "vhash", "uuid": "310812b2-03fd-477a-a802-fd0fd97b95fe", "value": "115066655d155d055018z5bnz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305267", "to_ids": true, "type": "filename", "uuid": "d150faa8-fc35-4612-bd23-51f9c4ab616d", "value": "60a5546114afc6e1f965d16b327eaa41f6a0f3b6a9af4eec20559c54e06f7c09.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305267", "to_ids": false, "type": "text", "uuid": "44bd8848-876c-4e57-a24a-2de70f36a871", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:39/71\nFirst Submission:2026-04-20T23:12:51.000000+00:00\nLast Submission:2026-04-20T23:20:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544539", "uuid": "984fb8e8-20b7-4a07-b5c3-411d3d5047e9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544538", "to_ids": true, "type": "md5", "uuid": "ccda8f1c-e89e-4a36-b7f4-74bc8697327a", "value": "ce173ebbc6d829b97d9ce2a2e45fa702", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544538", "to_ids": true, "type": "sha1", "uuid": "a30d18b1-1dee-4b5a-86bd-6ea5cf2c2df7", "value": "5079a03c8d7af4362feb2039c72d42a5a6012d9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544539", "to_ids": true, "type": "sha256", "uuid": "0a967329-79fc-48c6-a872-6eaac210b705", "value": "587e7bbbb8c94edaf90e077f6721c6042e3f46f00e65497cde5513dfbb20cb3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305289", "to_ids": true, "type": "ssdeep", "uuid": "d633477d-ed3b-4691-a17c-b3c904637c70", "value": "12288:a6pxxGI8gvGOHJpAbDYGxLhZ+sPZt/mPFN:a6pxxx8U+bDYGxLhZtZUPF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305289", "to_ids": false, "type": "size-in-bytes", "uuid": "5028b34d-9d3d-4133-a688-9c651b73bee1", "value": "507392" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305289", "to_ids": true, "type": "vhash", "uuid": "88a5c31b-d092-4e09-9219-1dd3d9608fc6", "value": "055056655d15156225za00a87z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305289", "to_ids": true, "type": "filename", "uuid": "c611e042-1dab-48b6-981c-8a376ed3a544", "value": "587e7bbbb8c94edaf90e077f6721c6042e3f46f00e65497cde5513dfbb20cb3a.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305289", "to_ids": false, "type": "text", "uuid": "d162b233-c4dd-4d78-8b59-42a64631299a", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Remcos.GA!MTB\nVT Total Detection:62/72\nFirst Submission:2026-04-20T23:13:14.000000+00:00\nLast Submission:2026-04-21T20:14:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544542", "uuid": "d170e401-85cf-4ed6-9d82-52c53e800634", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544541", "to_ids": true, "type": "md5", "uuid": "cdcc99b9-515b-4113-847c-b831576ec489", "value": "99e4cb3740cc6efd3adeddd6bce27b1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544541", "to_ids": true, "type": "sha1", "uuid": "7bff2cee-1b7c-449a-af31-5c552ee5621c", "value": "bff3929a425f2869ed099754be587a567e409db5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544542", "to_ids": true, "type": "sha256", "uuid": "ed184851-d011-45a5-a644-177490987c91", "value": "884118224c1aedfdf502c337c92c4ee63c87aaaf09d4f4d30800c6df66baf2fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305311", "to_ids": true, "type": "ssdeep", "uuid": "c4b7c43b-8a54-49a2-8bc5-f5f152eb1c56", "value": "3072:L+MwulKXezak9QbNOkzviKtDAOjzJoyfm2GgzskZpgyzfWHRzT9aiD8RB2x:dAXIMNOkzvhtCc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305311", "to_ids": false, "type": "size-in-bytes", "uuid": "82ab9c53-e21b-4f65-918a-78c8641abf6f", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305311", "to_ids": true, "type": "vhash", "uuid": "38816b13-5c7a-4920-9666-4d6f4e4ffe17", "value": "115066655d155d055az557z2095z13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305311", "to_ids": true, "type": "filename", "uuid": "bcf925a8-97ef-486c-9d6c-5366fd43e0a3", "value": "884118224c1aedfdf502c337c92c4ee63c87aaaf09d4f4d30800c6df66baf2fc.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305311", "to_ids": false, "type": "text", "uuid": "622c82b6-fb3e-41aa-99bd-3d7aae22a608", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:47/71\nFirst Submission:2026-04-20T23:13:38.000000+00:00\nLast Submission:2026-04-20T23:44:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544544", "uuid": "74f0ecd3-3875-4cfd-9a8b-3eda2b2cc59a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544543", "to_ids": true, "type": "md5", "uuid": "6a523b33-1fb2-4b66-81de-6b82c256d3ac", "value": "2d088705b36e472e48c738491ee8c7c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544544", "to_ids": true, "type": "sha1", "uuid": "69198e78-30ab-4580-a564-a8f82fb2ff8f", "value": "6c010a0751e9814f190d5c5288d7febcbd416464", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544544", "to_ids": true, "type": "sha256", "uuid": "e50e6c28-78d8-4ff8-89ee-8560a113b6f1", "value": "c7a101df74544509c8ed89a724d83e38c19f1693541db5321eed61a881f730dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305333", "to_ids": true, "type": "ssdeep", "uuid": "d2fc420f-cb06-4a69-a587-f1048c55e9b6", "value": "3072:asAwoPt0PRG7nQbwAwZDuf+0PpgqOOAlw:bol0pAMwAwZS/qhe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305333", "to_ids": false, "type": "size-in-bytes", "uuid": "2d8ac7b5-b3b1-43cf-86ec-e46ecc967aa6", "value": "102912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305333", "to_ids": true, "type": "vhash", "uuid": "8c8f20f8-816c-4507-90a1-7e7d729a1e81", "value": "115066655d155d055az49?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305333", "to_ids": true, "type": "filename", "uuid": "cb91e33e-6fb4-4ff3-953b-5cf94394801d", "value": "c7a101df74544509c8ed89a724d83e38c19f1693541db5321eed61a881f730dd.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305333", "to_ids": false, "type": "text", "uuid": "db620708-8376-4220-beac-009ed8990086", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:32:38.000000+00:00\nLast Submission:2026-04-20T23:32:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544547", "uuid": "353af08b-f8ca-42c6-911c-318edc42ad13", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544546", "to_ids": true, "type": "md5", "uuid": "a96cbff4-e17e-466a-bacb-bcc7769e957f", "value": "e82ce30dd90338c137c3f589bb173b60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544546", "to_ids": true, "type": "sha1", "uuid": "42cf55d2-af3c-4721-bfef-0b04028eb2d1", "value": "e4a032d585c2c3ca4b3640cc0c86e7775b629419", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544547", "to_ids": true, "type": "sha256", "uuid": "30f24ed2-c1bc-4bc5-88ac-c0f027ef347f", "value": "6fbdb7ece48b9ac677ce42083b627bd3bb01bd448ba0f511974697f36e08d04d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305376", "to_ids": true, "type": "ssdeep", "uuid": "e62b1abe-1c1b-4985-96e4-08a23545c519", "value": "12288:Dv80pij/1oj2KI2pcbvlRzYCJKrR9jL0LSl:z8s2KI8cbdtYFrRdZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305376", "to_ids": false, "type": "size-in-bytes", "uuid": "359e5432-dc54-49bb-928e-41b8c30ea31f", "value": "462336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305376", "to_ids": true, "type": "vhash", "uuid": "ca86bf72-49c2-4a91-ab42-446762d4f372", "value": "2450367d1511f08e53151090" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305376", "to_ids": true, "type": "filename", "uuid": "2fdef78f-3d59-47b9-9d74-158b0ad5394a", "value": "XWormClient.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305376", "to_ids": false, "type": "text", "uuid": "a4edc6e8-d869-47e1-8839-c2d76140f3e5", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/XWorm.RR!MTB\nVT Total Detection:53/71\nFirst Submission:2026-04-20T23:14:01.000000+00:00\nLast Submission:2026-04-20T23:14:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544549", "uuid": "6993660a-164f-4b81-9723-13983660a79e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544549", "to_ids": true, "type": "md5", "uuid": "cc0fae91-88c4-4410-bf8d-7cb3f5b32eb3", "value": "ccfc074c7411a1690e79af150682bb8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544549", "to_ids": true, "type": "sha1", "uuid": "98aac067-e525-4f04-93fe-36f5d67ec616", "value": "e907c13a1530739991f4cc736186abd18d7f90a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544549", "to_ids": true, "type": "sha256", "uuid": "80b7f4f3-bf61-4ddf-b1c3-b25cab38bfd8", "value": "2d22856022fe1009ac1abcc65d63048ccb58590a41a5cbd00c90fef21135bc8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305398", "to_ids": true, "type": "ssdeep", "uuid": "6cd5e5e1-aa7e-4d6a-81c6-361a099212da", "value": "1536:LkfjEIf3LlY8ktFlEEsWJp2TH4SDmQc0cp9b6EsEovsWy9hdi9dlx7sErD:wXf3irLrXJpuYmc0m9/svE9byf7sKD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305398", "to_ids": false, "type": "size-in-bytes", "uuid": "3464f4b7-baaa-4f66-90c9-bc884331fece", "value": "109568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305398", "to_ids": true, "type": "vhash", "uuid": "a296fd67-e79b-47f1-b351-34cc3f135529", "value": "115066655d155d055018z5d7z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305398", "to_ids": true, "type": "filename", "uuid": "83c4dd3e-11b1-45ad-91c3-676163444457", "value": "2d22856022fe1009ac1abcc65d63048ccb58590a41a5cbd00c90fef21135bc8d.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305398", "to_ids": false, "type": "text", "uuid": "2eb2661f-616c-4bd6-bed9-748b06e44638", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:14:25.000000+00:00\nLast Submission:2026-04-20T23:44:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544552", "uuid": "f5074676-dbb2-403d-bba6-cc0a6c9c6801", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544551", "to_ids": true, "type": "md5", "uuid": "83218125-ebcf-4eb0-b6c7-93ea19edd901", "value": "15248dff6895bf1274fe6cbca41de0ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544552", "to_ids": true, "type": "sha1", "uuid": "4626e4ff-bd81-4ee1-84db-54e27005e7bd", "value": "c9afe9abe54ffba8a0a2a2b91baa6b2d15750e4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544552", "to_ids": true, "type": "sha256", "uuid": "44462c5c-7a30-40f4-83a1-aa8f49436ab2", "value": "1f0191cc5bd8838fdd46e8969eeeb6e22b0b1972912271fa1afd06265e2aa6e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305419", "to_ids": true, "type": "ssdeep", "uuid": "aac56f11-ae3e-49d4-a657-d6cbefb445f4", "value": "192:kT9DA9mw9U2nz/+tNayK5w5nWAjZwhC0TGeYEeJL1LJlJ/5/qZSLUu:kT9DA9uS+ayK+lWcwhCCK/L7/qZSLUu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305419", "to_ids": false, "type": "size-in-bytes", "uuid": "82c1e53e-5992-4a0b-99b3-16bc7580614a", "value": "17408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305419", "to_ids": true, "type": "vhash", "uuid": "88a3bee1-ddef-4279-8619-b3be2684c45a", "value": "1140b76d1515151c051d1az1f0ffz13z11z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305419", "to_ids": true, "type": "filename", "uuid": "c46adf39-274b-4076-bd8b-fdaf665b0d83", "value": "1f0191cc5bd8838fdd46e8969eeeb6e22b0b1972912271fa1afd06265e2aa6e2.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305419", "to_ids": false, "type": "text", "uuid": "3c02a2c0-7085-49f5-92f3-3003cc6c262e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:56:31.000000+00:00\nLast Submission:2026-04-20T23:56:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544555", "uuid": "a8082d8e-bca8-407c-b203-9f592a36dfe6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544554", "to_ids": true, "type": "md5", "uuid": "620e83fe-4a04-46f2-80f8-3da683bcd1ae", "value": "98066a046273ded1b0cb92b2175f5573", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544554", "to_ids": true, "type": "sha1", "uuid": "de2904f0-8cdd-4851-8eff-a8bb0cec16cf", "value": "b73d3ecf0aeb3b5d5681e9c1fa2d20f0b7264ecb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544555", "to_ids": true, "type": "sha256", "uuid": "79e9a80e-ccf2-4eb2-96cf-15deb58b18fa", "value": "01e4174159baf68c3ad3c126e7acc0fe9708dc99387094278ab3b04c6b7d6a09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305441", "to_ids": true, "type": "ssdeep", "uuid": "4ee62866-a4d2-498e-95f0-85b50c3110a4", "value": "1536:9vzpP5wkTwPMFZYQ46x6Fu3DpGTHASUVjLLJBq/5tEJsWTrdj9dl7G8vQNv:9gXPMsoF3Dp+g9LLrqBtqB7dBvQN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305441", "to_ids": false, "type": "size-in-bytes", "uuid": "27051fa9-57c6-4de0-93f2-3158fb4bd351", "value": "111616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305441", "to_ids": true, "type": "vhash", "uuid": "02bebac6-9234-4f89-bdab-1ac64d6a16ad", "value": "115066655d151d055018z5fhz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305441", "to_ids": true, "type": "filename", "uuid": "8516751d-fd71-4554-b703-ed1d0b134b3b", "value": "01e4174159baf68c3ad3c126e7acc0fe9708dc99387094278ab3b04c6b7d6a09.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305441", "to_ids": false, "type": "text", "uuid": "47ec5304-2c68-4720-ab1b-bd1cafff7e05", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:48/71\nFirst Submission:2026-04-20T23:14:48.000000+00:00\nLast Submission:2026-04-20T23:30:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544557", "uuid": "f65f58ca-c6dd-4e6e-97f4-cdd1798f2d8c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544556", "to_ids": true, "type": "md5", "uuid": "98bbfa40-989d-443c-b25a-d5122829ada8", "value": "2fe43985f8b05475c1f8db9bb0f27598", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544557", "to_ids": true, "type": "sha1", "uuid": "12d2a548-d461-4580-bafd-6e674938d394", "value": "7ea5524dca232075a48dd736c8dd445a7d990a0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544557", "to_ids": true, "type": "sha256", "uuid": "c39fa23d-7692-4a43-942a-b4ad017efbfc", "value": "29a3ebc7824653ca026d5d0ca36d6dec82eea416c5774a13dcce5b780402e116", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305463", "to_ids": true, "type": "ssdeep", "uuid": "88513f6d-6fc1-4ffd-8691-6476b938ae27", "value": "3072:qd/2Rw6hIsGSSQbUA8dnf7vrXT/7nM4L3zm2Q9ZVbZacTVhsrfaDvPK0:qcR9hbEMUA8dfj6PK0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305463", "to_ids": false, "type": "size-in-bytes", "uuid": "af24a18d-6cc0-482b-be00-1f6562869616", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305463", "to_ids": true, "type": "vhash", "uuid": "41af7a91-a2af-4eff-81d9-7e929055fc29", "value": "115066655d155d055az56nz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305463", "to_ids": true, "type": "filename", "uuid": "a8d3d589-b829-4342-8c60-b9921767db8b", "value": "29a3ebc7824653ca026d5d0ca36d6dec82eea416c5774a13dcce5b780402e116.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305463", "to_ids": false, "type": "text", "uuid": "a81dde49-9fd6-41e1-81b6-a012bb113373", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:25:53.000000+00:00\nLast Submission:2026-04-20T23:25:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544560", "uuid": "6d53fff2-d7a2-4283-95a2-974d66a73af1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544559", "to_ids": true, "type": "md5", "uuid": "9c57a8fd-5dc3-4a5a-a5bc-1b96bbf3bc51", "value": "9a00bfd4a5c6a1ebe251907c6bfe594e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544559", "to_ids": true, "type": "sha1", "uuid": "377a8ab3-5d16-4cc3-a4cd-088112adb691", "value": "d3e603f8a2bd54365fdd16088742f3998928d3ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544560", "to_ids": true, "type": "sha256", "uuid": "bd10f7fd-d66f-42bd-9cbb-05a92aa36fcf", "value": "c5619ff0944d7b99f9ccd7ee067df499366ba06ef4e00729dd88edac7290674c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305485", "to_ids": true, "type": "ssdeep", "uuid": "17ffc9f3-ce17-44ab-9286-1cd0f2db95c8", "value": "1536:yHABEZV7YQJgEKfUn3o/xuTHuSwQb4Arpu7y6skzw8EECHsWeqdR9dlRtk0iQD:yJHYQX9Y/xGO3Qb4AE7y6EzMwpjC0iQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305485", "to_ids": false, "type": "size-in-bytes", "uuid": "44ce05e5-1f03-4947-98c6-1ecb46f28ffc", "value": "102912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305485", "to_ids": true, "type": "vhash", "uuid": "c4fc35cb-e184-4e00-8135-c61bc0b2ab96", "value": "115066655d155d055az4b?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305485", "to_ids": true, "type": "filename", "uuid": "6802f740-91e6-4ced-8075-c7976be14ec6", "value": "c5619ff0944d7b99f9ccd7ee067df499366ba06ef4e00729dd88edac7290674c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305485", "to_ids": false, "type": "text", "uuid": "44b6b3fc-9ed4-4034-b399-05b41bd5b684", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:13:42.000000+00:00\nLast Submission:2026-04-20T23:13:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544563", "uuid": "c34917c3-97b0-4a9e-b3bb-99806d90f849", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544562", "to_ids": true, "type": "md5", "uuid": "75ccb90f-c8fc-49e3-ba28-5a72b60b5e1e", "value": "b9c156d5c80aafc5e04db6871b61078f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544563", "to_ids": true, "type": "sha1", "uuid": "1eba1850-172c-452b-bd89-94138b35d985", "value": "3374e100f29a4878469a7bb613eb6c1ca5bb9d85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544563", "to_ids": true, "type": "sha256", "uuid": "4b9967da-bfb7-4658-b152-b48a57ee337b", "value": "45c735e7733384897b4d15ac2a9bf6014028bbc8c4ed4ff9424330e81302034b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305506", "to_ids": true, "type": "ssdeep", "uuid": "1982153a-e4e1-47a5-8dbe-11faad574a78", "value": "49152:Gvot62XlaSFNWPjljiFa2RoUYIsiLPmzukoGdMTHHB72eh2NT:Gvk62XlaSFNWPjljiFXRoUYIsiLe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305506", "to_ids": false, "type": "size-in-bytes", "uuid": "89de8b88-27b8-4061-94e1-9fd238926c2e", "value": "3265536" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305506", "to_ids": true, "type": "vhash", "uuid": "3d693823-ac04-42f4-8168-1e4be999298a", "value": "236036655516102d31ffff221e5bc5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305506", "to_ids": true, "type": "filename", "uuid": "11ef1054-c3c0-4585-a0a2-1b2f6c51c4f5", "value": "Client.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305506", "to_ids": false, "type": "text", "uuid": "70a0cf3b-5bc3-4c63-9222-3908d89fd813", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Quasar!atmn\nVT Total Detection:63/71\nFirst Submission:2026-04-20T23:15:13.000000+00:00\nLast Submission:2026-04-20T23:41:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544566", "uuid": "c839399d-cd7c-426e-883f-e1401611cbc0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544565", "to_ids": true, "type": "md5", "uuid": "3cd0d710-3363-4d08-8c27-85f42366efdd", "value": "ad426a79f9d9980a0ceaec2a84c9611c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544565", "to_ids": true, "type": "sha1", "uuid": "6e6e63e5-33b9-4402-92a3-d546ba6a766c", "value": "cf4750cb258a6dc4eeb1ac52f1164d26b06cc39b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544566", "to_ids": true, "type": "sha256", "uuid": "12c3b892-0bfa-4b02-84f0-74ba78b8b042", "value": "b5ce79db27d93a8da119f34600c09f15ea9a4b7cd39defe20c08b030cc86a72c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305528", "to_ids": true, "type": "ssdeep", "uuid": "ce1f1ebb-3580-44b8-aace-0df5d24d04f8", "value": "3072:0r/azEnyFSpckqn/JqqJxSjjmPckVPxIiTRQQol:0ruEyY2n0NWOQol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305528", "to_ids": false, "type": "size-in-bytes", "uuid": "c79da2be-2a84-4de6-b2ed-34ba51a31bf3", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305528", "to_ids": true, "type": "vhash", "uuid": "6196f2aa-8cc2-4f8f-9bf2-b97bbd00449c", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305528", "to_ids": true, "type": "filename", "uuid": "0eb20143-6841-4397-9702-7900bcac00da", "value": "b5ce79db27d93a8da119f34600c09f15ea9a4b7cd39defe20c08b030cc86a72c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305528", "to_ids": false, "type": "text", "uuid": "0b3efba3-ec7a-48fd-8b77-17e235476f37", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:13:53.000000+00:00\nLast Submission:2026-04-20T23:13:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544568", "uuid": "99311fbe-8c81-434f-9a01-8c89aebe832b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544568", "to_ids": true, "type": "md5", "uuid": "85a645ac-7815-4685-a580-73fb7010ae76", "value": "8c4668996541098b36a9eadbb4130436", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544568", "to_ids": true, "type": "sha1", "uuid": "718e9ad6-545e-43df-9066-1101f4c3ba1b", "value": "bb883ba3d9dfb3233785c96da9c03dea5175c656", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544568", "to_ids": true, "type": "sha256", "uuid": "2676effb-3343-4df7-b239-7a8074bcd0e2", "value": "34b09c16f347ecda5b4e40ec00d19c10917c3151fa55b0294d7987fdc5baf950", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305550", "to_ids": true, "type": "ssdeep", "uuid": "094d8a83-2a83-4408-8fc8-415a92cbb4f0", "value": "3072:2loll4YSI2bdOASdo5XjxZsIV1dqj5NEWax:xlLeAdoZbVm5GHx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305550", "to_ids": false, "type": "size-in-bytes", "uuid": "a9c3022c-0740-4578-aa90-5e8fe79e38bc", "value": "114688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305550", "to_ids": true, "type": "vhash", "uuid": "2be7f217-f996-408a-9009-d1551b17feb6", "value": "115066655d151d055088z597z2095z13z51z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305550", "to_ids": true, "type": "filename", "uuid": "9b88580d-3602-4187-9499-42d1ed0265f2", "value": "34b09c16f347ecda5b4e40ec00d19c10917c3151fa55b0294d7987fdc5baf950.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305550", "to_ids": false, "type": "text", "uuid": "b7c8d789-51ef-4775-945f-5117d5e858a1", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:15:37.000000+00:00\nLast Submission:2026-04-20T23:15:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544571", "uuid": "4fab570a-beb9-4673-97af-789c84c5dc57", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544570", "to_ids": true, "type": "md5", "uuid": "f1716f09-553c-47f0-bf58-9c478f346580", "value": "2a89ab276ad575871168b9a93e7e3e74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544571", "to_ids": true, "type": "sha1", "uuid": "aec05bf5-b9d2-42ef-b1f2-7b295cb09fdc", "value": "cf860168b863635acda936ab20a43561ed99f6bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544571", "to_ids": true, "type": "sha256", "uuid": "29a84fa6-11e4-46bc-872c-52bf873fc194", "value": "1904c38b3941d6f8cc2d363701a23fb295acfe739dd2ee2148c249edd38b23fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305592", "to_ids": true, "type": "ssdeep", "uuid": "81b74623-c751-472f-ab88-3d117d1079a7", "value": "3072:E3LSyZJasQbORk9ETLFTpIS/GWmATME5JAST/2njLhbC3G1+SzoQsUSckVPxIiTu:uuy96ORkmTLHmwlo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305592", "to_ids": false, "type": "size-in-bytes", "uuid": "854b7a53-c2d8-4da5-a6ce-fd733d872661", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305592", "to_ids": true, "type": "vhash", "uuid": "0fc9b7e9-bdd6-4ecd-87f6-a03da6e3496f", "value": "115066655d155d055az57hz13z41z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305592", "to_ids": true, "type": "filename", "uuid": "da6b74cb-60bb-46b9-bcf3-1c206f2d9e6a", "value": "1904c38b3941d6f8cc2d363701a23fb295acfe739dd2ee2148c249edd38b23fc.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305592", "to_ids": false, "type": "text", "uuid": "818cae60-4884-43be-93f8-1009f59901ab", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:16:01.000000+00:00\nLast Submission:2026-04-20T23:16:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544574", "uuid": "22d3e0ef-662e-4fd6-a9cd-5c809eb10afa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544573", "to_ids": true, "type": "md5", "uuid": "2373bc53-d73d-42d9-8453-03f3b067ae9e", "value": "d9161daf17990e3a9575b887ef787194", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544574", "to_ids": true, "type": "sha1", "uuid": "7f0d2788-5f8e-40bd-9b9a-0e2fcb3b4263", "value": "1ce3ad96f6dcb85094bb93261138ac24407d06bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544574", "to_ids": true, "type": "sha256", "uuid": "d023eb4e-fccc-46a5-af66-ab3e67ba1930", "value": "fcd6427862bc5672cd51c26562025d6d846b4f635a0b39c004e9c68a0c266c88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305615", "to_ids": true, "type": "ssdeep", "uuid": "ea3a40b0-db57-4f3b-9e57-4ff999fdeb62", "value": "1536:9kIQtkhbUf5ZYT4FqW8/SpzTHASRmwuShGTCiHWNUtEJsWTrd79dlbWiHgxXz:9qtqUfAsWSpHg0uSmCOWetqBz9WOgxD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305615", "to_ids": false, "type": "size-in-bytes", "uuid": "6d4fbaa8-34d7-4531-b5d3-6bb77cbb4024", "value": "111104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305615", "to_ids": true, "type": "vhash", "uuid": "8644cafc-ddce-4c3f-9931-8a5fddf301bb", "value": "115066655d151d055018z5fhz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305615", "to_ids": true, "type": "filename", "uuid": "9418df8b-5d9f-441a-900c-2cd19539e5af", "value": "fcd6427862bc5672cd51c26562025d6d846b4f635a0b39c004e9c68a0c266c88.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305615", "to_ids": false, "type": "text", "uuid": "97717b2f-4c66-4812-80ab-e846ae0d0a97", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:43/71\nFirst Submission:2026-04-20T23:14:15.000000+00:00\nLast Submission:2026-04-20T23:14:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544577", "uuid": "998697a5-3855-49ce-8532-abe8abd8e9ba", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544576", "to_ids": true, "type": "md5", "uuid": "2f8b2396-062b-4e4d-8da1-a053dc679ce0", "value": "a45198814284740425d71697a083b1d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544576", "to_ids": true, "type": "sha1", "uuid": "3dbbe7a7-c191-4c04-8df4-d082815721e4", "value": "a49d9b5141bbdf877728515b79f5f5636932436b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544577", "to_ids": true, "type": "sha256", "uuid": "dba36a3b-9e45-4502-8c8e-fd6a583a6a9f", "value": "6b5dd18c16d559337480bd2b3fdc0e2afcf3c1c2161636967591c00f5282a51c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305636", "to_ids": true, "type": "ssdeep", "uuid": "c7fb0629-a940-4c42-a2f9-e13ecb5f1964", "value": "384:Fcrz9pAvSVbZltYzwVD28+KKmckVPxIiTgALMyK:Fg9sUb/KzuDumckVPxIiTJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305636", "to_ids": false, "type": "size-in-bytes", "uuid": "5808a62e-a288-4ad1-83d0-35d8a1c83b4a", "value": "17408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305636", "to_ids": true, "type": "vhash", "uuid": "36dc1b0b-a998-47af-a592-0aef6d1fa709", "value": "1140b76d1515151c051d1az140elz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305636", "to_ids": true, "type": "filename", "uuid": "967c2bf1-b12c-4831-9575-5db5d6ce2b27", "value": "6b5dd18c16d559337480bd2b3fdc0e2afcf3c1c2161636967591c00f5282a51c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305636", "to_ids": false, "type": "text", "uuid": "4f94a896-67e4-46d8-a124-42231106fd0c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:34/71\nFirst Submission:2026-04-20T23:44:51.000000+00:00\nLast Submission:2026-04-20T23:44:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544579", "uuid": "f18a76de-2476-4c9f-9069-54c900ba8c6c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544579", "to_ids": true, "type": "md5", "uuid": "6d24721a-3c11-463f-905c-a4766aa200d6", "value": "0776af15eb224c875d7b350910f0112f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544579", "to_ids": true, "type": "sha1", "uuid": "df95451d-93fb-45f2-89f2-c713ab0a2a6c", "value": "72a20c238da00b43e69792883e8ed334d1605579", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544579", "to_ids": true, "type": "sha256", "uuid": "422b581c-6bc2-468f-b363-a72701bada8e", "value": "9889e9699fdd5811c425b1112879f56c80ae20da0e050d8cb5a6e1c84df825fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305658", "to_ids": true, "type": "ssdeep", "uuid": "f3be4554-ed4d-485a-9e85-7b2a4781c536", "value": "384:YSqD9rVFMtoyJxH7Iw7H/YE7UmckVPxIiTrBX3qWLkN:Y9D9rTTWJIOHOmckVPxIiTp3B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305658", "to_ids": false, "type": "size-in-bytes", "uuid": "1177cf5a-d9c7-4a4d-948a-b8e68ff53269", "value": "18944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305658", "to_ids": true, "type": "vhash", "uuid": "9a999095-7e10-4cb1-8466-b440e8d4a78d", "value": "1140b75d1515151c051d1048z191mz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305658", "to_ids": true, "type": "filename", "uuid": "39496329-7391-41b8-9151-714b5113ed21", "value": "9889e9699fdd5811c425b1112879f56c80ae20da0e050d8cb5a6e1c84df825fe.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305658", "to_ids": false, "type": "text", "uuid": "0830c779-7178-4703-aec1-c031b88c4f92", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:20/71\nFirst Submission:2026-04-21T06:05:14.000000+00:00\nLast Submission:2026-04-21T06:05:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544581", "uuid": "8677d0a1-acaa-4e23-a29b-0d9c10bc1224", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544580", "to_ids": true, "type": "md5", "uuid": "8af155ac-d192-42a8-93e0-ff25c3f49e73", "value": "6f7ec133506088a98cac66ca7237f393", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544581", "to_ids": true, "type": "sha1", "uuid": "5c06db9a-4241-4af7-8b85-151a7ea60ca1", "value": "cef818cf48b9952144008a2149c29bb30dd6bd9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544581", "to_ids": true, "type": "sha256", "uuid": "538c266f-0c78-4e4d-aa8a-5529f4a48a21", "value": "74854d3c07fc4e585e8ba55c869de69fb85413b3603f954d59188fa6aea59520", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305680", "to_ids": true, "type": "ssdeep", "uuid": "be592f42-9be2-45ad-95f2-77f15bf0ab7f", "value": "1536:msX3V8PXuDlWs5ezEwYcM+EV/ikRmckVPxIiTe:3V82DRGEz1BizckVPxIiTe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305680", "to_ids": false, "type": "size-in-bytes", "uuid": "c7e8dee4-3e2b-482b-840e-9ee2bb136e38", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305680", "to_ids": true, "type": "vhash", "uuid": "82d557bb-049d-452b-9e45-60de6f2bcc84", "value": "1640c75d1575151c051d1az1911lz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305680", "to_ids": true, "type": "filename", "uuid": "8446afe8-91f3-4404-9815-ab4b6953d470", "value": "CCleaner.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305680", "to_ids": false, "type": "text", "uuid": "5ffd8ff6-34b2-448f-8128-e4e4dc69b17d", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Sabsik.RD.A!ml\nVT Total Detection:21/72\nFirst Submission:2026-04-20T23:26:30.000000+00:00\nLast Submission:2026-04-22T07:08:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544584", "uuid": "edfc9905-78f6-4d91-9164-7c5da3a98340", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544583", "to_ids": true, "type": "md5", "uuid": "116a0d34-9d52-4390-9fe4-8851d72016e4", "value": "8e7d282e1bc3ac2ec58b3764e4435e17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544584", "to_ids": true, "type": "sha1", "uuid": "c1b87113-3621-45d7-9f3d-89cedf709965", "value": "6825e9e483abe77a44680ee25590497db8d52baf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544584", "to_ids": true, "type": "sha256", "uuid": "a15a74df-aad6-48a8-8480-e2bb761db805", "value": "12331a3d0f49b06fc013a6cdd96c3d85ad5c86cb446a53b79941d30f47604a39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305702", "to_ids": true, "type": "ssdeep", "uuid": "3d5a7a93-39f7-4759-8293-27473446fa5c", "value": "3072:9bQJQ6qcKxHOJ9LSFUSWVbEl4CkGKD/oSgi0giCBBjqXIIIIIIIIIIIIIIs9IIIe:9E261KgfSWVbElFkfoS+wBjqXIIIIII1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305702", "to_ids": false, "type": "size-in-bytes", "uuid": "ccec04b4-8e39-4cdb-90bd-583aaef383f1", "value": "187904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305702", "to_ids": true, "type": "vhash", "uuid": "23b230f3-cf33-441a-9846-44e58c4457ed", "value": "0150a76d1555555c0d1d1038z3232lz14z18z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305702", "to_ids": true, "type": "filename", "uuid": "b8dad54e-11d3-4557-96b2-fe198dfb4b7e", "value": "12331a3d0f49b06fc013a6cdd96c3d85ad5c86cb446a53b79941d30f47604a39.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305702", "to_ids": false, "type": "text", "uuid": "f67884c9-293b-4c78-9d65-b085c3f3b3d1", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:33/71\nFirst Submission:2026-04-22T05:52:46.000000+00:00\nLast Submission:2026-04-22T05:52:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544587", "uuid": "2e3b1cb5-3f14-4921-8ad4-7c5e09b9e1c7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544586", "to_ids": true, "type": "md5", "uuid": "44c91e25-ccaa-49f2-b190-615b99decc15", "value": "2bfd008d7e9c56f1f822ea3e63dc5661", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544586", "to_ids": true, "type": "sha1", "uuid": "9d32b44e-8d32-4b4e-9a3a-a802230a0a3d", "value": "0e63ce397ea7343eb7fa364227abfeffd78debd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544587", "to_ids": true, "type": "sha256", "uuid": "9b5d7f6b-b42c-46f2-8a37-af0ec71630e5", "value": "5e96f414082407f0d184ea7fa554bb5e39089fe969cec60a16960b6d70142dd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305723", "to_ids": true, "type": "ssdeep", "uuid": "3d18da45-070c-4329-9b4a-0a1302ad8280", "value": "3072:WRn4RwPUciuNGC9QbfQ1/+DAW/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWCMF:yXPriY3MfQ1/4Kdu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305723", "to_ids": false, "type": "size-in-bytes", "uuid": "f9c97fcd-ce15-4535-855c-0ba7e3aca5d9", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305723", "to_ids": true, "type": "vhash", "uuid": "206e2d86-c80d-45fb-8fd3-6948552753e6", "value": "115066655d155d055az567z209bz31z4az1" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305723", "to_ids": false, "type": "text", "uuid": "8ad7fd58-cd8b-409b-bd43-055ee7ecab4a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:32/71\nFirst Submission:2026-04-24T07:08:25.000000+00:00\nLast Submission:2026-04-24T07:08:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544589", "uuid": "5cb9119a-4528-4796-b697-1261cdf1b0e2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544588", "to_ids": true, "type": "md5", "uuid": "ae967e32-047e-4a3f-8c39-004c2ac7d87b", "value": "2c6e2b0754086b25f22e5885f4a5a4c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544589", "to_ids": true, "type": "sha1", "uuid": "ff564be6-2de5-48b0-9d7f-624b2608341b", "value": "afd60d7bfa46986c3d85dd62ca66b2dda2ffbbf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544589", "to_ids": true, "type": "sha256", "uuid": "bb4101f5-96de-4b07-b8ff-e10dacad163e", "value": "0b834be7c5b7197451ff729390f6c4048d9108738b015bd7dbccdb39e3c9432c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305745", "to_ids": true, "type": "ssdeep", "uuid": "079ddc80-14ec-4caf-bdb0-a21b81eae378", "value": "3072:0lCEK4auFGUFQbgQe9ma+JxZ4Cv2GWwD80p5wCDvmXT7RLyzfWC7PlCaHZkWEWn2:VEZas9MgQe9N7anYR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305745", "to_ids": false, "type": "size-in-bytes", "uuid": "fcce7252-465f-4545-a44c-94b5d5ce4174", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305745", "to_ids": true, "type": "vhash", "uuid": "1e6d08c3-7595-4b51-9368-58ab31b3f340", "value": "115066655d155d055018z599z9bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305745", "to_ids": true, "type": "filename", "uuid": "d0c30df3-cd32-46be-b075-c403b64db66c", "value": "humpvewjs.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305745", "to_ids": false, "type": "text", "uuid": "f620a6e5-d613-4e00-96c8-c778ff38586b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:38:07.000000+00:00\nLast Submission:2026-04-20T23:38:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544592", "uuid": "a6eb3fd2-3681-4bc8-a98d-46819f26f847", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544591", "to_ids": true, "type": "md5", "uuid": "622edecd-f2a8-4034-930d-ee0c735c4a59", "value": "69743ef69f9c8c12ee429b5fe4e1915c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544591", "to_ids": true, "type": "sha1", "uuid": "2323cadb-f5b9-402d-8a02-15f9b222f4e0", "value": "6fbe6168d4f2d96dfdcd5cb310a10d38fe7115db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544592", "to_ids": true, "type": "sha256", "uuid": "edc22cf7-8763-4f5a-8cdc-b6e3f671ef67", "value": "ec9e76913821e91992d130b5fc970167c23a02cb581659aa661c59671292d905", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305767", "to_ids": true, "type": "ssdeep", "uuid": "3b7fb93d-3c88-44a9-a7fc-af55807cc5dc", "value": "3072:Y1KxFQOjauRGL0iQbqQuCHfhuT/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWCA:2EQ2aEgMqQuC/d/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305767", "to_ids": false, "type": "size-in-bytes", "uuid": "cb27a567-1991-41a1-b4a5-4de0307d19bc", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305767", "to_ids": true, "type": "vhash", "uuid": "328fe05c-f5f5-4b3d-aa45-1e0cc598eef9", "value": "115066655d155d055018z587z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305767", "to_ids": true, "type": "filename", "uuid": "2af4340a-3410-4346-892b-e58d46b8cacb", "value": "ec9e76913821e91992d130b5fc970167c23a02cb581659aa661c59671292d905.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305767", "to_ids": false, "type": "text", "uuid": "b8353f71-8b7a-490c-9aa8-45c460e92ca1", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:31/72\nFirst Submission:2026-04-20T23:12:13.000000+00:00\nLast Submission:2026-04-20T23:12:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544594", "uuid": "f1981a06-5001-41ce-b07b-e8ca20867c46", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544594", "to_ids": true, "type": "md5", "uuid": "701aa27e-2c43-45f1-9ae2-7cca505307cf", "value": "af3e9e1e75319ed62d0cb8b4cff58fc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544594", "to_ids": true, "type": "sha1", "uuid": "e9ba1705-54a3-432e-899b-7349fef5bb3e", "value": "f837575f4dc53df70989c3fe1370a57cef439a70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544594", "to_ids": true, "type": "sha256", "uuid": "9f741a2f-1ff8-49fe-86fd-da3a6894fdc5", "value": "5159e64427e5c6d2f9c4132fb2bc565a7216746057aed1da3e949c58af640c40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305789", "to_ids": true, "type": "ssdeep", "uuid": "4ecaa00c-6d92-418b-8862-2ca90ab99e2d", "value": "768:rupCKzJ9087oSsKSagbeFB9W8HO+htFZeq:ruIK7lYAFB9W8HO+7Leq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305789", "to_ids": false, "type": "size-in-bytes", "uuid": "b472b1e3-4e85-4485-9a8e-af2d829935ca", "value": "39936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305789", "to_ids": true, "type": "vhash", "uuid": "9ea9f82a-2593-46be-8289-3536e8bfda22", "value": "23403655151180772f110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305789", "to_ids": true, "type": "filename", "uuid": "768d97a9-18bb-49d7-a11d-731527c6b291", "value": "XWormClient.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305789", "to_ids": false, "type": "text", "uuid": "a09af2cf-21e1-41ff-a133-c0174500fc26", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:58/72\nFirst Submission:2026-01-07T20:14:47.000000+00:00\nLast Submission:2026-04-20T23:57:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544597", "uuid": "85c802ab-9711-41d8-82c5-d238673b0222", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544596", "to_ids": true, "type": "md5", "uuid": "4b548b3c-fe06-4944-8464-56c07ca3d91d", "value": "bb023111a5dfe62647271d08ff2debd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544597", "to_ids": true, "type": "sha1", "uuid": "9310997c-6bad-4fb5-8037-192cd1ff9a70", "value": "1b35accc6b7de90255277b8479b764fba67147c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544597", "to_ids": true, "type": "sha256", "uuid": "57d8b353-9e32-4927-b4c0-76861441fe73", "value": "8ddd6e201bab408a029d92729e216654619d9fa0cdf1cc24614823a6362529a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305811", "to_ids": true, "type": "ssdeep", "uuid": "e3bc8bc2-ef35-482c-83c8-ac6dc37ccd22", "value": "3072:asaXw+09r822QGFAQbxp1bgLJJAOjzJoyfm2GgzskZpgyzfWHRzC9aiD1hI1ml:Ra0l82BJMxp1bWPbrl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305811", "to_ids": false, "type": "size-in-bytes", "uuid": "7ca42ace-8ac8-4f3f-85e7-fb7704fa3b7e", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305811", "to_ids": true, "type": "vhash", "uuid": "59f963d4-23f4-485f-a375-154a8305ea94", "value": "115066655d155d055az557z2095z13z41z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305811", "to_ids": true, "type": "filename", "uuid": "9d629dd2-eae0-4bb7-9e1f-a0d27e45456f", "value": "8ddd6e201bab408a029d92729e216654619d9fa0cdf1cc24614823a6362529a7.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305811", "to_ids": false, "type": "text", "uuid": "93582eb3-bf64-4486-a877-e4fbcf0455bd", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:02:19.000000+00:00\nLast Submission:2026-04-20T23:42:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544600", "uuid": "96c6d993-e62a-4eb7-bf00-41e7ad4f7981", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544599", "to_ids": true, "type": "md5", "uuid": "fb09da9d-f038-4760-8167-9f25fc97f770", "value": "ea12c9ddca308f888c01a5c654e286b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544599", "to_ids": true, "type": "sha1", "uuid": "0158c955-6d54-4d2b-8b50-da9b2dd53ee3", "value": "d09d4f4a2f3cfe171572fab90bbed243a9f4de20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544600", "to_ids": true, "type": "sha256", "uuid": "692189bf-e970-4099-b480-0623492cfb7b", "value": "db1b906d14e30bcc140b8decfc3bfa598bcd66914c5bf17daae482aa1a0ddaf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305833", "to_ids": true, "type": "ssdeep", "uuid": "74f00b0d-4f30-4e35-83dd-d3d38ff4013e", "value": "3072:jx25AkXaFxZpAnRFQwnLdVQezDZ4CNx5qVpdckVPxIiTlpabnu2:jpkXIzKFpnLkAbH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305833", "to_ids": false, "type": "size-in-bytes", "uuid": "27c7066a-18ca-487a-886b-e5b1cd951aa9", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305833", "to_ids": true, "type": "vhash", "uuid": "88c10075-6840-4fc8-ae75-bf68b41a5e86", "value": "115066655d155d055018z5bnz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305833", "to_ids": true, "type": "filename", "uuid": "2e64539f-3288-46c6-962a-fc066a64e00c", "value": "db1b906d14e30bcc140b8decfc3bfa598bcd66914c5bf17daae482aa1a0ddaf3.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305833", "to_ids": false, "type": "text", "uuid": "daaf2a2b-1065-401b-acac-34712af2bd5c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.C!ml\nVT Total Detection:12/72\nFirst Submission:2026-04-20T23:25:13.000000+00:00\nLast Submission:2026-04-20T23:25:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544602", "uuid": "c0d46ec2-141b-4a19-ad11-583c4fe4130c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544601", "to_ids": true, "type": "md5", "uuid": "55eb8c47-bbab-46ad-9622-b5cd434fcd50", "value": "0859f93ed53ac3cceb08f99a6764f653", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544602", "to_ids": true, "type": "sha1", "uuid": "5059a6d5-b49d-4ee2-b032-3de0f9c6eef5", "value": "a5ccf263218cc595e9bb04401716aa4f2f69d966", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544602", "to_ids": true, "type": "sha256", "uuid": "10d8ecfd-af68-4fb1-886b-1f7d6b8678a6", "value": "0e90a3a7cfa876bb10a2e8711bbff64955f709b39df6abb3aa76f85328fc6a91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305855", "to_ids": true, "type": "ssdeep", "uuid": "98372386-65a1-4432-a1f6-39d78edb4041", "value": "384:4caOs9z9mk5crff4txw7FV8LFJymckVPxIiTR+uTALMy:4XOs9z5c3gxOFasmckVPxIiTR+uY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305855", "to_ids": false, "type": "size-in-bytes", "uuid": "bd92a5b4-cdc7-4454-bcfc-7fc37ad09100", "value": "18432" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305855", "to_ids": true, "type": "vhash", "uuid": "5e5f19d0-0c0e-48ad-aae4-a01ad977e76e", "value": "1140b76d1515151c051d1048z140elz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305855", "to_ids": true, "type": "filename", "uuid": "5b9ce79a-d0bc-4b7c-8cd6-9ca76181e058", "value": "0e90a3a7cfa876bb10a2e8711bbff64955f709b39df6abb3aa76f85328fc6a91.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305855", "to_ids": false, "type": "text", "uuid": "0e828a0b-6187-481b-9380-9c635a6fe760", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:33/71\nFirst Submission:2026-04-20T23:26:18.000000+00:00\nLast Submission:2026-04-22T09:50:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544605", "uuid": "4b427021-8431-4fc1-9736-3a2216cf6d7f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544604", "to_ids": true, "type": "md5", "uuid": "70b4b172-921a-4a62-b29a-f41f6e05e8be", "value": "5f2e99c2311084b7beb7df3c777e5916", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544604", "to_ids": true, "type": "sha1", "uuid": "9c62a7f6-84fb-4713-a36b-8968717a21b2", "value": "0848123f3202573ee65759e1f986700413637636", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544605", "to_ids": true, "type": "sha256", "uuid": "add6ab0a-d91c-4e26-9a10-7acac4ffc88d", "value": "eedf929ce50aff947f4531b632cb27b025e4340553cdbec0834a9b5193ee4c70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305876", "to_ids": true, "type": "ssdeep", "uuid": "f0d42a7d-480d-41d3-b394-8cf61a540b9f", "value": "3072:UXU5V3RNUOiGyAQbnA8i9tUoyfm2GgzskZpgyzfWHDrB7ijPGyuIWCmvVyHXvGOB:4e3bUT+MnA8i7uDvqQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305876", "to_ids": false, "type": "size-in-bytes", "uuid": "0bcb47d9-97ff-4495-a62d-7f4854e1cf4d", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305876", "to_ids": true, "type": "vhash", "uuid": "21c1491c-d7db-4e96-8e45-20b452ccc150", "value": "115066655d155d055048z517z209bz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305876", "to_ids": true, "type": "filename", "uuid": "1fa4e742-e081-4bb1-8e44-54113a31655c", "value": "eedf929ce50aff947f4531b632cb27b025e4340553cdbec0834a9b5193ee4c70.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305876", "to_ids": false, "type": "text", "uuid": "ca2cffd8-288f-4151-a126-5303bd7ecd74", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:09:34.000000+00:00\nLast Submission:2026-04-20T23:09:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544607", "uuid": "bd306bb9-2968-4a91-abd1-6825a68ccce1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544607", "to_ids": true, "type": "md5", "uuid": "72c08557-3fcc-47c8-a5c5-e912e2e84aaf", "value": "0f5cde4ba4ffaa4e4f88027ef5224708", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544607", "to_ids": true, "type": "sha1", "uuid": "794bb126-cc4b-4e84-a4e4-2214d0066a42", "value": "f620e954460e9a4dae914de3482335858d00c7c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544607", "to_ids": true, "type": "sha256", "uuid": "e41739cf-2e7d-47fc-82da-a7e1b0c2d087", "value": "620b8d01bf42ea689a25e6a43647d74528522577bb452f3860061372fca5cd39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305898", "to_ids": true, "type": "ssdeep", "uuid": "057e47f1-970e-4394-b97e-1c6e9af4c56c", "value": "3072:BbExtkjkGpGjjQbaQRWWyg41/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWCMmi:BWtckU0MaQRWhgruxH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305898", "to_ids": false, "type": "size-in-bytes", "uuid": "c9b2ce16-9ad2-4c94-88c2-b06329d191a1", "value": "107520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305898", "to_ids": true, "type": "vhash", "uuid": "aa51de76-ab6e-43e2-a4cf-c69fd08d5bfd", "value": "115066655d155d055018z597z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305898", "to_ids": true, "type": "filename", "uuid": "ce34c81f-ad35-4f6d-bcfc-c5662e1a01c0", "value": "620b8d01bf42ea689a25e6a43647d74528522577bb452f3860061372fca5cd39.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305898", "to_ids": false, "type": "text", "uuid": "5c8a0dd7-01e1-479c-b360-b09428a5f8b3", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:47/71\nFirst Submission:2026-04-20T23:30:03.000000+00:00\nLast Submission:2026-04-20T23:30:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544610", "uuid": "4999cd62-68ff-41b7-a629-68ba38d9a106", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544609", "to_ids": true, "type": "md5", "uuid": "2fda9a00-00ca-4e69-99b8-7ce23634c4a2", "value": "0dcb5f70f62d0db0bb71f3da34c2a609", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544610", "to_ids": true, "type": "sha1", "uuid": "c8d05c0f-8e66-4d2b-9d12-a7e17a284f9d", "value": "b61eae27f427baffa51011c05aad728eb8f81c22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544610", "to_ids": true, "type": "sha256", "uuid": "725a0091-17ba-47cf-9c96-d070a84450eb", "value": "670958509e42762881ec0518a598330663cf7f1d91aa03c7a01f52faebc1923f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305920", "to_ids": true, "type": "ssdeep", "uuid": "ce554eea-63e2-49d9-81cf-fef3ce623d18", "value": "3072:Wew8YHakpvHSwyBHrVQezDZ4C0x5q9MPWlS:G8YlIwCueS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305920", "to_ids": false, "type": "size-in-bytes", "uuid": "b13115e7-1445-4bb7-87e5-2561e63ef0ef", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305920", "to_ids": true, "type": "vhash", "uuid": "46dcc7b0-b218-406b-84d4-a9c591179436", "value": "115066655d155d055018z5bnz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305920", "to_ids": true, "type": "filename", "uuid": "80ed8824-7462-4dc9-8e9e-87f0d2bbe237", "value": "670958509e42762881ec0518a598330663cf7f1d91aa03c7a01f52faebc1923f.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305920", "to_ids": false, "type": "text", "uuid": "0d71e6c3-7d48-4fd3-a023-819bbfb89cda", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:07:37.000000+00:00\nLast Submission:2026-04-20T23:07:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544613", "uuid": "3fb44112-827d-44a7-880d-f82b939f80c2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544612", "to_ids": true, "type": "md5", "uuid": "3f0a811d-91a4-4ef6-b1fc-a3a8b02e0d2f", "value": "424d1a2cf051133099c625cdd081d63f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544612", "to_ids": true, "type": "sha1", "uuid": "8077c611-6ee1-4173-9766-da0ab55a23ae", "value": "d77c23f54c91de1ee4ef896e996bed52e48a06d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544613", "to_ids": true, "type": "sha256", "uuid": "f9b030ab-a71b-4bff-9430-450c96d14c2b", "value": "56a293b29b0147a25d20dc475407f56da8fad99ad07fb18357c90413881b5ced", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305941", "to_ids": true, "type": "ssdeep", "uuid": "c13451d9-a6d6-4fa1-91e0-b9adbced1cd9", "value": "384:eQL75gwVpuuIzSlgRg3J6LN8n4eMFbVcp/6AaK2MAU07pkFMAfNLTYOZwp3V2v9u:rLFgGJ+mn43xcOMvbFJ9YHOMhZ35zp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305941", "to_ids": false, "type": "size-in-bytes", "uuid": "89cbf6a3-ca25-4aea-9f13-fe31bcfb399a", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305941", "to_ids": true, "type": "vhash", "uuid": "8a56197c-00da-4a6e-8b68-188e0e1a3751", "value": "23403655151170772b110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305942", "to_ids": true, "type": "filename", "uuid": "234a7e6f-e50e-4ff3-a085-93289387cb1d", "value": "Today.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305942", "to_ids": false, "type": "text", "uuid": "aa913a22-9c3a-4288-98d4-0debaf243fe9", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:58/71\nFirst Submission:2026-04-20T23:09:57.000000+00:00\nLast Submission:2026-04-20T23:09:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544615", "uuid": "a19eea63-01f2-4b92-9494-a58d9dd2b7a8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544615", "to_ids": true, "type": "md5", "uuid": "b5449378-5c6d-41da-9852-804c8f466528", "value": "1bab0f0fed886bae81cca815390fed38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544615", "to_ids": true, "type": "sha1", "uuid": "c8594c72-6166-4eda-b86d-573620be8d3f", "value": "5088907f7f2d858ef233a50a07657d402cd7e410", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544615", "to_ids": true, "type": "sha256", "uuid": "5768a2c5-9806-46ef-ab28-2a30f5b8c9a1", "value": "6799bddeca70aec908aca05a7f56df7fc0b86773ee38100ac1928ed3f8323bd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305963", "to_ids": true, "type": "ssdeep", "uuid": "6b810488-ed4f-4112-9365-cca4b9b5fa82", "value": "12288:iSGuIuF0MV/VSU5s11yuTUHaaPC+6P/to0Z5Qxr:XGuNF0MV/VSU5+1yhHaaPX6P/trZ5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305963", "to_ids": false, "type": "size-in-bytes", "uuid": "aaf6623d-f7fa-4a0b-83db-023e34c53555", "value": "649216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305963", "to_ids": true, "type": "vhash", "uuid": "ff54024e-7080-46b5-bb62-1e09017bf68a", "value": "065066655d1555155225za00ac7z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305963", "to_ids": true, "type": "filename", "uuid": "3e6c8f0e-c18c-4319-8849-5daa0820c937", "value": "dntlk0.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305963", "to_ids": false, "type": "text", "uuid": "c0307dae-d98c-4a43-b5b3-1328edabd93f", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Remcos.GA!MTB\nVT Total Detection:59/72\nFirst Submission:2026-04-20T23:10:22.000000+00:00\nLast Submission:2026-04-21T13:25:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544618", "uuid": "1056ede0-69e7-4390-8715-a3d5f462d87c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544617", "to_ids": true, "type": "md5", "uuid": "1aaeed58-0600-499f-a6ff-f7cde6b66d8a", "value": "c4462c9d076f107a01d72428a9fba165", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544618", "to_ids": true, "type": "sha1", "uuid": "370f6bc4-6a3c-4570-80a3-8497239ed23b", "value": "357a1efe11dc2906df444b80400cefbfacf3e406", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544618", "to_ids": true, "type": "sha256", "uuid": "5e41c34e-8683-4e2c-8923-8c0b40b6c9c5", "value": "9996c2e43037f9099838de7fb185f12b3bfe093c421975664ca6713a326e47e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777305985", "to_ids": true, "type": "ssdeep", "uuid": "0e9c68ec-ee46-43e8-ba86-c70a11b78dfe", "value": "6144:benAynDOX0tyLOWr1qulE01ooayvSXP61Ie8FQcf+PV5wo9GigQuCgHQSBZCcsYd:iAyEvYuGT61IHGv19l+IcBfd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777305985", "to_ids": false, "type": "size-in-bytes", "uuid": "a4b1985f-bddb-4543-97e9-efd86f6285af", "value": "460288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777305985", "to_ids": true, "type": "vhash", "uuid": "804a65e1-89a9-476c-9e89-971513e7d96e", "value": "2450367d1511f08e53151090" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777305985", "to_ids": true, "type": "filename", "uuid": "b608b790-0df5-46cd-9fcd-1c03507f5ab8", "value": "XWormClient2.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777305985", "to_ids": false, "type": "text", "uuid": "0428c420-3078-4701-a162-cc7da02e3ac7", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:51/72\nFirst Submission:2026-01-27T05:11:43.000000+00:00\nLast Submission:2026-01-27T05:11:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544621", "uuid": "f4d027b1-5cdd-40a7-a7dc-53847111f1bc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544620", "to_ids": true, "type": "md5", "uuid": "25abcd1f-6938-4a96-af59-593e6f6a317c", "value": "dc76d20568ea56e8b9d9738258ecb484", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544620", "to_ids": true, "type": "sha1", "uuid": "a986c808-1461-41c0-9f19-30ebb5cc7a4c", "value": "f6bb6ceb4f9adce06fddb0205f8679b03b37b23a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544621", "to_ids": true, "type": "sha256", "uuid": "06e70ee8-8fc0-454e-a201-40ff70b77f12", "value": "3b95e76c37a72eda5493f659f21ef23a507ccaae946ece142356d326771c2fff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306007", "to_ids": true, "type": "ssdeep", "uuid": "9e07f2f4-5dd0-4c90-a2fd-02edeb642f0e", "value": "3072:rwT2rozS/j+GGuEQbhAD7GWFnATME5JAC/T/2njLhbCDvmSOo2iePG3ufWC+vrX2:pou/jLyMhAD7dU+Q0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306007", "to_ids": false, "type": "size-in-bytes", "uuid": "28ccbbb5-cd68-4467-8e00-339c04e1f7e7", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306007", "to_ids": true, "type": "vhash", "uuid": "dfda2186-2692-4fd4-a6d1-a99f546cd4e2", "value": "115066655d155d055az517z209bz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306007", "to_ids": true, "type": "filename", "uuid": "5c774c2b-749a-4ecc-a8d0-d1b5cb18928a", "value": "3b95e76c37a72eda5493f659f21ef23a507ccaae946ece142356d326771c2fff.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306007", "to_ids": false, "type": "text", "uuid": "1c9fb504-2087-4bb1-b9d9-c7ab6fb6477f", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:39/72\nFirst Submission:2026-04-20T23:11:33.000000+00:00\nLast Submission:2026-04-20T23:11:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544623", "uuid": "bc836191-fa86-4e7a-bbe3-4a61f25eb87c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544622", "to_ids": true, "type": "md5", "uuid": "218ccc42-0d22-4792-8dbc-ee1eb5302b08", "value": "5a8b1fe97f536b78a8f8faed1d168b8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544623", "to_ids": true, "type": "sha1", "uuid": "442295d1-99b2-4ce4-9384-8d91bb7562ed", "value": "96f1dce0a70aa856916c71f4188576854343318a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544623", "to_ids": true, "type": "sha256", "uuid": "f92a33be-99ed-4ea6-b8df-797a943cf815", "value": "a1a15f6d3c172e29e991bcb274f6c47a2ee45614224ffbccfcec39113a3bd078", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306028", "to_ids": true, "type": "ssdeep", "uuid": "f82f4a00-9955-4dc9-a27e-b94518c38416", "value": "12288:ySGuIuF0MV/VSU5s11yuTUHaaPC+6P/to0Z5Qxr:nGuNF0MV/VSU5+1yhHaaPX6P/trZ5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306028", "to_ids": false, "type": "size-in-bytes", "uuid": "9d7c33b5-1d2c-427c-8b99-6619208cf36a", "value": "649216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306028", "to_ids": true, "type": "vhash", "uuid": "9938745a-0f4d-4f1f-b6c9-e48f1c2ba1af", "value": "065066655d1555155225za00ac7z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306028", "to_ids": true, "type": "filename", "uuid": "641b18b7-0985-42b1-88dc-57fabbb04d6f", "value": "xa1a15f6d3c172e29e991bcb274f6c47a2ee45614224ffbccfcec39113a3bd078.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306028", "to_ids": false, "type": "text", "uuid": "7ab2a7ea-d3e6-4797-a384-ec40b682c0d1", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Remcos.GA!MTB\nVT Total Detection:57/72\nFirst Submission:2026-04-20T23:11:57.000000+00:00\nLast Submission:2026-04-21T13:35:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544626", "uuid": "a212e2f0-bc78-4fcc-ad54-a8668a637354", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544625", "to_ids": true, "type": "md5", "uuid": "a6b2eecf-6fce-427f-a105-2d6e6fb9e1cf", "value": "942e4f07b71c2d8f0294d0aea990e86d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544625", "to_ids": true, "type": "sha1", "uuid": "f8edc703-b201-41c3-90d5-ba56ddac72d3", "value": "83ba82968f3cc8d73320c58e032eb810baf43904", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544626", "to_ids": true, "type": "sha256", "uuid": "901f4f33-499f-4c7d-97ee-b906bfcf9101", "value": "e4a41a7b0264270abcab9d10dd303a08f29560df0f05a89b346e1ad08804a82b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306050", "to_ids": true, "type": "ssdeep", "uuid": "3448ed4e-b644-418c-9da2-ab53f53d7943", "value": "3072:w3QQah85ZpA4rwgw3LbVQezDZ4Ckx5qV+ckVPxIiTlp6S:iaabDw536XsS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306050", "to_ids": false, "type": "size-in-bytes", "uuid": "e4bf9381-8361-48be-97cc-ff79344a7c87", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306050", "to_ids": true, "type": "vhash", "uuid": "57299834-8cc0-4984-9067-c07874735fef", "value": "115066655d155d055018z5bnz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306050", "to_ids": true, "type": "filename", "uuid": "1b633313-2560-472d-b74d-db4969c7c00f", "value": "e4a41a7b0264270abcab9d10dd303a08f29560df0f05a89b346e1ad08804a82b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306050", "to_ids": false, "type": "text", "uuid": "96f2a20d-9e14-481c-8adc-c051e3f9b26d", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:37/72\nFirst Submission:2026-04-20T23:12:21.000000+00:00\nLast Submission:2026-04-20T23:12:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544628", "uuid": "415f5f04-e22e-43c2-9874-f94dd9559fe1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544628", "to_ids": true, "type": "md5", "uuid": "e38b85a1-ad7f-416e-bce0-50d9adb577b5", "value": "b215e2ef9d939d56e3054ed235a28bab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544628", "to_ids": true, "type": "sha1", "uuid": "f823008e-205c-4bbf-a170-e91bdbd65a09", "value": "e4ffbd89b910d06f7706544ab92cc2e84148dd58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544628", "to_ids": true, "type": "sha256", "uuid": "803f8f00-475d-4f7e-9c8a-085a41b1d6fd", "value": "37e340f144e894e813c9a30612696e86dad22495ac59013db5317167ffbe7c0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306072", "to_ids": true, "type": "ssdeep", "uuid": "336c4309-4102-4bb2-9f09-6e0ef1c5e52a", "value": "3072:MKmOMURgcHsllLoWhb4Kw78ip8wnZw/giCN:MKmdURgQ0oMEKKGwnQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306072", "to_ids": false, "type": "size-in-bytes", "uuid": "dbfb5b32-28be-445b-b67b-9df43f28e414", "value": "168960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306072", "to_ids": true, "type": "vhash", "uuid": "624e1dac-db07-430d-8012-fe0e3b05a73d", "value": "0150a76d1555551c0d1d1018z2431lz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306072", "to_ids": true, "type": "filename", "uuid": "710ba87a-7d93-4062-9bf6-c4d81d71af48", "value": "37e340f144e894e813c9a30612696e86dad22495ac59013db5317167ffbe7c0d.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306072", "to_ids": false, "type": "text", "uuid": "de9798d0-db57-4f61-9757-26896ce931f4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/EvelynStealer.KX!MTB\nVT Total Detection:51/71\nFirst Submission:2026-04-20T23:06:15.000000+00:00\nLast Submission:2026-04-20T23:06:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544631", "uuid": "d677d317-f5f4-48f2-8372-f708f35659b5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544630", "to_ids": true, "type": "md5", "uuid": "c3e4684d-2355-479e-961a-5cd5773719c0", "value": "7ef877e047de4c6f017e704fe5ec4f51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544630", "to_ids": true, "type": "sha1", "uuid": "09f43532-2527-496c-a41a-f00447b0190f", "value": "37e51f83b9a2656a3ecb73ba87031eb189f97e1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544631", "to_ids": true, "type": "sha256", "uuid": "bd550a89-aff1-427a-a26b-8ab470fc5a26", "value": "418e962e7aa2a3f2a63f71cb37ed8a840f7fbe931a1d82d6d6a46b5a7ea0e48e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306094", "to_ids": true, "type": "ssdeep", "uuid": "7171eff4-bda1-415d-87a3-d912bba18464", "value": "3072:MSVcICuMt+4W7RFajC/EDiOYMGVammxA6Yy9SqBKtou+QG/XyWgMhWlnM2d:MdICuqJ2R1jZaRA659iow0tJh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306094", "to_ids": false, "type": "size-in-bytes", "uuid": "b3a8d497-8407-4844-a2fc-9a34d86cf40c", "value": "201216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306094", "to_ids": true, "type": "vhash", "uuid": "00b3a44d-a1b0-42c7-b023-475123a00f24", "value": "0250a76d1555555c0d1d1038z3c3afz13z1032z117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306094", "to_ids": true, "type": "filename", "uuid": "6f5b4343-1f06-4acc-b3a3-a00b6098bc3c", "value": "q4uqjg98.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306094", "to_ids": false, "type": "text", "uuid": "c01f9deb-3c77-42af-a014-1527343d1a31", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/BroPass.AH!MTB\nVT Total Detection:50/71\nFirst Submission:2026-04-20T23:05:52.000000+00:00\nLast Submission:2026-04-20T23:05:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544633", "uuid": "c62e5887-f035-4043-aac4-8240ce0866e3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544633", "to_ids": true, "type": "md5", "uuid": "97b044f4-244c-4850-b802-c8a41f8932f5", "value": "bb7bc068abe3e79a1de6b3c56e8746f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544633", "to_ids": true, "type": "sha1", "uuid": "b478d6b8-6f57-4397-ad50-4a4077e00cf5", "value": "852858d2c829624260c6c972d417c1bf5eda95f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544633", "to_ids": true, "type": "sha256", "uuid": "429e06cf-dd41-4831-a819-db29858e9566", "value": "488e7c2316bfce9144a6598718447709018e084e5c920b5ffb53d428024314ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306116", "to_ids": true, "type": "ssdeep", "uuid": "fdb9ca7c-d875-4045-91b1-071e6222e897", "value": "3072:9FuOrYPZmKGpenRDIxLedtqBzUSckVPxIiTjz0:lYhE4IxP70" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306116", "to_ids": false, "type": "size-in-bytes", "uuid": "868d4bb3-bf16-4807-a496-dac2278b7653", "value": "112128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306116", "to_ids": true, "type": "vhash", "uuid": "47d8236c-b909-435e-8552-78b8de5a67e2", "value": "115066655d151d055018z5fhz13z41z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306116", "to_ids": true, "type": "filename", "uuid": "fc582ad5-df5c-4ba6-9c0e-ec51cd33ee2f", "value": "488e7c2316bfce9144a6598718447709018e084e5c920b5ffb53d428024314ac.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306116", "to_ids": false, "type": "text", "uuid": "b833e35b-bca3-47d4-9a6e-ab0f5e97c30a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:40/71\nFirst Submission:2026-04-20T23:06:38.000000+00:00\nLast Submission:2026-04-20T23:06:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544636", "uuid": "18ba1bca-5b2b-44f1-bb76-4600972512df", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544635", "to_ids": true, "type": "md5", "uuid": "bd5028bf-800b-4962-90c4-a51b5d08719a", "value": "b35439282cc8507699b782af402011a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544636", "to_ids": true, "type": "sha1", "uuid": "06d36e6c-75f9-4461-84fb-41f06515595a", "value": "3ffe6d90ec0c522ca901fe9e1717d7e5029e6a3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544636", "to_ids": true, "type": "sha256", "uuid": "0959caa5-6bc3-4791-8eff-07f1bc81b0e2", "value": "6076993eef5770d9c25b5575ea3d4187ec35d9eca4243aab4c11d7057264a302", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306137", "to_ids": true, "type": "ssdeep", "uuid": "aadcd6ec-776a-4eb0-960d-cf3af21edb9e", "value": "3072:vecY1jiseG9oPQbcJ7w57IjhTK12CQncK:8cseTMcJM50VKOx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306137", "to_ids": false, "type": "size-in-bytes", "uuid": "843199da-11eb-4f91-8826-9b88e60d0ea2", "value": "111104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306137", "to_ids": true, "type": "vhash", "uuid": "e8d9a708-c23d-48cf-894e-f836e0f12de9", "value": "115066655d155d055088z587z2095z23z51z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306137", "to_ids": true, "type": "filename", "uuid": "a279d35b-485b-4d68-920a-ef705494f4d6", "value": "6076993eef5770d9c25b5575ea3d4187ec35d9eca4243aab4c11d7057264a302.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306137", "to_ids": false, "type": "text", "uuid": "69958275-1699-430d-bba3-0f23d1376283", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:07:02.000000+00:00\nLast Submission:2026-04-20T23:07:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544639", "uuid": "9b21d41c-b825-43a5-a69f-f3c96ec78c14", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544638", "to_ids": true, "type": "md5", "uuid": "bdd0f79c-7422-4622-a96c-c5a460b7512b", "value": "99b33c3972f37468103b89b035480c60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544638", "to_ids": true, "type": "sha1", "uuid": "b951c588-a837-455f-8dbe-b30e6fa7a5c1", "value": "cf2b7117e4a1e9453b38696b65e602c5056cb630", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544639", "to_ids": true, "type": "sha256", "uuid": "d552f6d1-8bc7-4d94-a3e9-cfa78434ad72", "value": "07129fa1858208cbdc18e9905ff5ad6e1e1e818b6c9a2bd8b9ec7e9361fe0b42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306159", "to_ids": true, "type": "ssdeep", "uuid": "1d36ae71-3c64-4d22-82a2-f26210febdf8", "value": "49152:rvbI22SsaNYfdPBldt698dBcjHvCxNESEik/i+LoGd1fTHHB72eh2NT:rvk22SsaNYfdPBldt6+dBcjHax1g" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306159", "to_ids": false, "type": "size-in-bytes", "uuid": "787beafb-3af4-4115-9c0f-b5670b0c9569", "value": "3266048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306159", "to_ids": true, "type": "vhash", "uuid": "9c8ef279-e65a-4fdd-a0a5-08c5185e94ee", "value": "236036655516102d31ffff221e5bc5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306159", "to_ids": true, "type": "filename", "uuid": "bbdbaad2-ce21-4dbd-84bc-e6388c8fa4cd", "value": "Client.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306159", "to_ids": false, "type": "text", "uuid": "1771c0c7-081d-48d1-b743-0e95a50f94c8", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Quasar!atmn\nVT Total Detection:59/72\nFirst Submission:2026-04-20T23:07:28.000000+00:00\nLast Submission:2026-04-20T23:07:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544641", "uuid": "6a560071-7246-41f3-8850-710a7f7998b1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544640", "to_ids": true, "type": "md5", "uuid": "d278fbfe-0af0-44e6-ab54-66dbb841559c", "value": "ffb872c4670afb0cce809ea72d2882b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544641", "to_ids": true, "type": "sha1", "uuid": "efec73d5-cb8e-4841-93ad-ac0b940fe432", "value": "c78c0924d0079cc87fbf86f077c998fac4052666", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544641", "to_ids": true, "type": "sha256", "uuid": "3cc185cd-8aa8-40e0-86e0-ac783fd4b04b", "value": "039eb6867f334e0c1fb405a03e8a81bf4d395db84d3ffde3ec249f6a814d5d18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306181", "to_ids": true, "type": "ssdeep", "uuid": "1861600b-aa55-49ec-b553-bb7915ad8bd8", "value": "384:ppaJuqQYbqjpk972V7/AqBZB1FOmLpM4vh0FbOKTCOQKFRApkFTBLTAOZwpGd2vd:+16zY0FPC4vGFbO75KFVFo9jROjhVbI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306181", "to_ids": false, "type": "size-in-bytes", "uuid": "bcfb7350-df68-4539-9b8d-28b315b36091", "value": "33280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306181", "to_ids": true, "type": "vhash", "uuid": "a39f6d7b-7730-43e7-a281-7901fcb7f145", "value": "234036551511707729110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306181", "to_ids": true, "type": "filename", "uuid": "8f998b4b-225a-4955-809f-4f1616d948a9", "value": "XWormClient.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306181", "to_ids": false, "type": "text", "uuid": "17b1a463-4d29-4b9e-bf21-34803600e0d8", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:62/71\nFirst Submission:2026-04-20T23:08:41.000000+00:00\nLast Submission:2026-04-20T23:08:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544644", "uuid": "121bedcc-7a13-48d8-a5d6-24cbd3f25e17", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544643", "to_ids": true, "type": "md5", "uuid": "a194ad11-646d-4108-84e4-2c0ca092c563", "value": "cf81fb35088ac48044c4c09d32a328db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544643", "to_ids": true, "type": "sha1", "uuid": "b1c76528-fb09-49b8-96e8-89309f37c12b", "value": "662339d56e86857a0ba59f007e4c94f731155bbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544644", "to_ids": true, "type": "sha256", "uuid": "f9a70236-85f8-4be8-a4f8-c3966127a4ef", "value": "346edde3c594d4af0f607951ae38f21c8e5ad611419cc7c9e7a2e0c913896581", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306203", "to_ids": true, "type": "ssdeep", "uuid": "a69afbde-eafb-48c9-a3c9-1da47e3be9c9", "value": "768:Iip/WpIabzG8kcWXj0mtSzFWPm9W/OMhDief:Iiwa8zG8kc80m8Fx9W/OMxB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306203", "to_ids": false, "type": "size-in-bytes", "uuid": "2e55b1f9-6f76-4089-8bb0-9db03dce3bb8", "value": "37888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306203", "to_ids": true, "type": "vhash", "uuid": "167ae96f-6190-4933-bf5e-ab02660495cd", "value": "23403655151170772b111020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306203", "to_ids": true, "type": "filename", "uuid": "dcc9f64c-dfbf-4e49-8590-c4862eb0597e", "value": "005.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306203", "to_ids": false, "type": "text", "uuid": "62e9e8dc-da62-46fc-96d7-3f4183c0626a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:57/71\nFirst Submission:2026-04-20T23:07:52.000000+00:00\nLast Submission:2026-04-20T23:28:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544647", "uuid": "6399629e-b7c4-4887-88df-acf7587e871a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544646", "to_ids": true, "type": "md5", "uuid": "c716bee4-d384-4703-857c-56bf4e30ddb0", "value": "df1e311b0fc6441fc11aa77b7666dfcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544646", "to_ids": true, "type": "sha1", "uuid": "3aa36376-09bd-43b2-89c0-1235999f494f", "value": "502e042af677919eda3750d9976247455ebaab9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544647", "to_ids": true, "type": "sha256", "uuid": "e66c9492-71a7-425e-b7de-d6f2edb1a3ed", "value": "c82762647dc8ec40838013752ad4ba14a9a203368af3edfc2d5e8774034f4a6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306225", "to_ids": true, "type": "ssdeep", "uuid": "d5bd5338-5cf5-4be2-bb8a-59c080e02e94", "value": "3072:2ER8njmuYv15ostIyzv52deTP/NSYXXFYw1giCh:h8njm992sm22deL/jXFt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306225", "to_ids": false, "type": "size-in-bytes", "uuid": "db7e93c5-aa36-4880-b5e3-f6dcc4ba296f", "value": "167936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306225", "to_ids": true, "type": "vhash", "uuid": "436849f3-cae7-49c4-8923-fe7735a8a3e2", "value": "0150a76d1555555c0d1d1018z233mz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306225", "to_ids": true, "type": "filename", "uuid": "64c3b485-aa63-4efa-a001-3bf606df8a6b", "value": "c82762647dc8ec40838013752ad4ba14a9a203368af3edfc2d5e8774034f4a6d.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306225", "to_ids": false, "type": "text", "uuid": "c2334de2-d420-48f8-8a38-f113a8683be1", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/BroPass.AH!MTB\nVT Total Detection:50/71\nFirst Submission:2026-04-20T23:09:05.000000+00:00\nLast Submission:2026-04-20T23:09:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544649", "uuid": "99d48b77-efa0-4fd2-a1bc-d323b7d05b45", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544649", "to_ids": true, "type": "md5", "uuid": "02cd13fe-ed17-45c5-ae27-146cb322b558", "value": "89d9f8a686844f6136e76a638f8e8ad5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544649", "to_ids": true, "type": "sha1", "uuid": "3dce811f-ca89-457b-b871-95fe5849ef16", "value": "f98444ee1cd1a910ad3ec9ccd93f3937de6a5b1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544649", "to_ids": true, "type": "sha256", "uuid": "bdbc36b6-113d-4598-aab3-578390eb3c0e", "value": "b33446d860a4087f914a6392bfabf24fc3fecf89d6b7ca00779c606c5faa57be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306268", "to_ids": true, "type": "ssdeep", "uuid": "05d120fb-b318-4ae4-9e8a-a49a181a2fca", "value": "3072:47FEVRoWiGqsGQbXAL/QiYk2GWwD80p5wCDvmXT7RLyzfWC+YmSO/2nePGyufbH0:EELobqGMXAL/DYVbp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306268", "to_ids": false, "type": "size-in-bytes", "uuid": "6b35e354-bc98-406c-870b-03290ef63a6c", "value": "105472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306268", "to_ids": true, "type": "vhash", "uuid": "8e585161-29ae-4132-8a1f-92c496975893", "value": "115066655d155d055048z4c7z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306268", "to_ids": true, "type": "filename", "uuid": "bd300a49-4e12-4590-9fcb-30141149a4df", "value": "b33446d860a4087f914a6392bfabf24fc3fecf89d6b7ca00779c606c5faa57be.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306268", "to_ids": false, "type": "text", "uuid": "06bfbdb1-9f91-4275-92e4-0df0a5bf62bd", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:01:30.000000+00:00\nLast Submission:2026-04-20T23:01:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544652", "uuid": "855d8596-882d-448b-9dcf-5839542ed64b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544651", "to_ids": true, "type": "md5", "uuid": "447930b5-4801-440f-9f09-e25b567469b7", "value": "a26f217428185ab07306ce76d19da69b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544651", "to_ids": true, "type": "sha1", "uuid": "9b4ce951-a940-4ee7-aebe-7840cd5bcbeb", "value": "c3bbf86072ca589ccd5618293216a3d039a68463", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544652", "to_ids": true, "type": "sha256", "uuid": "65de8156-31ed-482e-976d-15d20917c471", "value": "76325b81de2828b284611691ebbe14acbd20995ce0768683844da4b8ae984142", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306290", "to_ids": true, "type": "ssdeep", "uuid": "c4b7d820-fe32-40a1-bae3-137ab87b1bee", "value": "3072:516U5V3RNUOiGyAQbnA8i9tyoyfm2GgzskZpgyzfWHDrB7ijPGyuIWCmvVyHXvGS:qe3bUT+MnA8i7EBT26" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306290", "to_ids": false, "type": "size-in-bytes", "uuid": "28495eae-459e-462c-9053-ae8b5cb5f0de", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306290", "to_ids": true, "type": "vhash", "uuid": "4c7ae2ad-d9b7-4ca7-b746-4eb95b9037a7", "value": "115066655d155d055048z517z209bz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306290", "to_ids": true, "type": "filename", "uuid": "7a469d23-8f29-444d-8056-d46f150b242b", "value": "txzq7ln.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306290", "to_ids": false, "type": "text", "uuid": "6ff1870d-6f3f-471b-88bd-b5815ecfccc7", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:48/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544654", "uuid": "9e979109-a444-4bcc-b2d0-e6cde5809bb6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544654", "to_ids": true, "type": "md5", "uuid": "1a9aa9c4-e2c7-4200-9894-cc21166bf660", "value": "2749914b9594babaa653025b3d17eec6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544654", "to_ids": true, "type": "sha1", "uuid": "c9c06a1a-727c-497e-bf00-ecef4b13fa37", "value": "00c0e976e55b2b128f5181a87875bb841484d4a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544654", "to_ids": true, "type": "sha256", "uuid": "319fee7c-9bfc-453b-9d23-f165b761dbf0", "value": "7c5f0849bc5e6573662067365845aec75dacf7ae11ff68e12654579a1b607385", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306311", "to_ids": true, "type": "ssdeep", "uuid": "91e203f1-2b61-45f9-aec6-a035a77b4584", "value": "6144:QkgFoEJuquq7VzX5u3WDiOQSZ+20kI2YTbf6zesG6IJ65UJwvy:QDFVJuquqzXbBtzLI2Ycfq05UOy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306311", "to_ids": false, "type": "size-in-bytes", "uuid": "cf1815ca-5540-472c-a66b-ae3bd16842a9", "value": "369664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306311", "to_ids": true, "type": "vhash", "uuid": "f8cde041-ff39-4932-bf88-869e592bb161", "value": "23503665551380833ffe519171d85" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306311", "to_ids": true, "type": "filename", "uuid": "9f8b3940-c159-4d19-9d46-3a25d817b68e", "value": "GRAPHISOFT ArchiCAD 27 Build1" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306311", "to_ids": false, "type": "text", "uuid": "a0bc21fe-e857-4d07-8645-27134d18355f", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Quasar.GG!MTB\nVT Total Detection:57/72\nFirst Submission:2026-04-20T23:33:25.000000+00:00\nLast Submission:2026-04-20T23:33:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544657", "uuid": "93dc8f51-8b46-4b89-bbe4-30f7fbd5ad9b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544656", "to_ids": true, "type": "md5", "uuid": "f6314fd8-9c67-4ea5-9d3d-dbe5759ccb09", "value": "d76884b8720a37ed6aba536354265742", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544657", "to_ids": true, "type": "sha1", "uuid": "9e912436-ab45-4001-96a0-649b876d81e2", "value": "2fd97b597e90f96e5e5a4fdfbdb84a68a5a5ce4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544657", "to_ids": true, "type": "sha256", "uuid": "48da13d5-a4e2-4d48-af48-a9c61c4723e4", "value": "fe8fa9a23b9fe097ac7974020e5fd9a363ef990f90da32957e006c1ec67c5dbb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306354", "to_ids": true, "type": "ssdeep", "uuid": "d64f34a1-27af-45c3-8292-844654b94da5", "value": "3072:ahpZR96uepIniy8oKtRVQezDZ4Cc1x5qV5H2nq:a1RMvZy1KYdiS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306354", "to_ids": false, "type": "size-in-bytes", "uuid": "7bc06f87-a41a-413d-9e82-01ddb41e29fd", "value": "109568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306354", "to_ids": true, "type": "vhash", "uuid": "4fcf075c-a88c-479d-a8ec-e166ec714bf3", "value": "115066655d151d055018z5bnz31z49z10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306354", "to_ids": true, "type": "filename", "uuid": "100ad8a9-b435-4ec7-af03-4f2bf8a72741", "value": "fe8fa9a23b9fe097ac7974020e5fd9a363ef990f90da32957e006c1ec67c5dbb.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306354", "to_ids": false, "type": "text", "uuid": "5823c18d-f557-425f-869d-053c9f783c06", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:37/72\nFirst Submission:2026-04-20T23:00:49.000000+00:00\nLast Submission:2026-04-20T23:00:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544660", "uuid": "620b46ba-5511-4266-8462-9b13c85d10e1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544659", "to_ids": true, "type": "md5", "uuid": "64528004-425c-472f-a3b1-61f743ddcee0", "value": "1d2a5020995a2e0d0c2826ceafd2bbc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544659", "to_ids": true, "type": "sha1", "uuid": "967282d1-e343-4d3c-86bd-81d8f4a78dbd", "value": "f4cab35979f2ac74d075e957474d090f6a0643c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544660", "to_ids": true, "type": "sha256", "uuid": "fc00fa79-3706-4bd8-89da-026d15cf8208", "value": "c3b7d2446bac6b40669014ced9749f7c5dc512e9bd8ae3da9969383866e04273", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306376", "to_ids": true, "type": "ssdeep", "uuid": "bd4610fc-df92-4c8f-a95b-a97a660afcc3", "value": "384:7paJuqQYbqjpk972V7/AqBZB1FOmLpMZvh0FbOKTCOQ9sRApkFTBLTAOZwpGd2v0:I16zY0FPCZvGFbO759sVFo9jZOjhqbY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306376", "to_ids": false, "type": "size-in-bytes", "uuid": "19729eed-4928-445e-aabf-f8057d6564bc", "value": "33280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306376", "to_ids": true, "type": "vhash", "uuid": "0366ef76-f83a-4ba9-9844-f3f3af470113", "value": "234036551511707729110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306376", "to_ids": true, "type": "filename", "uuid": "cd0ee725-8202-4198-baa9-e5916a4b3cec", "value": "mail.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306376", "to_ids": false, "type": "text", "uuid": "fcccc2b2-2ebe-4f7a-86ac-38a09fdc2052", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:55/72\nFirst Submission:2026-01-15T06:42:26.000000+00:00\nLast Submission:2026-01-15T06:42:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544662", "uuid": "695378f1-6584-4b7e-8626-42c1d322d319", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544662", "to_ids": true, "type": "md5", "uuid": "d7689841-c99b-45ca-91a0-2e32da6055bf", "value": "e1f607fb30721f2b1b140f99ad83c015", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544662", "to_ids": true, "type": "sha1", "uuid": "83ecf473-9a57-4ce2-8339-fa092501986d", "value": "da7724481949a427e79906aa1e2cfa1a4e15cb6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544662", "to_ids": true, "type": "sha256", "uuid": "d19c91d8-a8ef-4d40-bc88-70ca9d4d3dab", "value": "e41f1af836b7573725758186407dbc21293186683e75582563f6760f8aac1a46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306398", "to_ids": true, "type": "ssdeep", "uuid": "25f1d44d-65a2-4eaa-b1b3-fe05adf7b901", "value": "384:sQL75gwVpuuIzSlgRg3J6LN8n4eMFbVcp/6AaK2MAU07pkFMAfNLTYOZwp3V2v9k:NLFgGJ+mn43xcOMvbFJ9YmOMhP35zu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306398", "to_ids": false, "type": "size-in-bytes", "uuid": "56ec7830-007d-4670-b7aa-6fc04de3b0d7", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306398", "to_ids": true, "type": "vhash", "uuid": "281049b2-cdb9-4b48-bcea-1b6174128383", "value": "23403655151170772b110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306398", "to_ids": true, "type": "filename", "uuid": "c986a4ab-bb2e-42e5-b896-8b77e9ab6b69", "value": "TODAY.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306398", "to_ids": false, "type": "text", "uuid": "114b567d-a469-4bf8-b8fb-c0baa179cfb6", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:59/71\nFirst Submission:2026-04-20T23:01:33.000000+00:00\nLast Submission:2026-04-20T23:01:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544665", "uuid": "c098a806-e43a-4332-bb6d-0403bd588a75", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544664", "to_ids": true, "type": "md5", "uuid": "9887bf21-ef8c-4a96-85cd-7f80d8e3f46e", "value": "753c2e12a4c339307a61cad737ff25e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544664", "to_ids": true, "type": "sha1", "uuid": "60cbbe93-4ff8-40d1-8fed-c1cce249f431", "value": "83571995d17d8ad65d810aeb4c0152e9f6236a16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544665", "to_ids": true, "type": "sha256", "uuid": "d75e3bfa-92bc-4a74-8f51-0e27c898e1b9", "value": "b6295e8616de387ab9ad8148054eb2207b4e3ce26ac1fc73eddacf81008cd7ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306420", "to_ids": true, "type": "ssdeep", "uuid": "82a058b9-1793-480f-b505-b0582a8d6956", "value": "384:a/l9xaWZtyxtTfzq7wIce82hM1mckVPxIiT+W09uLPR9:a99NZcxtjW73b0mckVPxIiT+Wya" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306420", "to_ids": false, "type": "size-in-bytes", "uuid": "0d428177-1ee1-454f-ac50-0addc783130e", "value": "18944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306420", "to_ids": true, "type": "vhash", "uuid": "a9c9a2d3-a3af-4f46-b3bf-1e9443500837", "value": "1140b75d1515151c051d1az180elz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306420", "to_ids": true, "type": "filename", "uuid": "ebced1d0-531d-4abd-8af5-d4e6eba934c8", "value": "b6295e8616de387ab9ad8148054eb2207b4e3ce26ac1fc73eddacf81008cd7ac.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306420", "to_ids": false, "type": "text", "uuid": "caa9a08b-e70b-45e3-a92d-c86dcce3d731", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:33/71\nFirst Submission:2026-04-20T23:03:04.000000+00:00\nLast Submission:2026-04-20T23:03:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544667", "uuid": "1a0d7c9e-de62-4b16-85fa-9542c2839e6f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544666", "to_ids": true, "type": "md5", "uuid": "0d433258-4236-4b3d-b51a-b869ceca80e9", "value": "51f189d205d750ac555b35c04153ab30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544666", "to_ids": true, "type": "sha1", "uuid": "03bdad03-bee1-4de7-b0ca-908f5cbb109e", "value": "445872de19ec5d563a5b1e8e251f13cc9bb472da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544667", "to_ids": true, "type": "sha256", "uuid": "eb32cd5c-4169-438f-ab65-65be5564fba6", "value": "8649b4dc2e8093550c8887ae88bcfb31c034046ecbb9d5318f8f0b6d90382ea6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306441", "to_ids": true, "type": "ssdeep", "uuid": "4686c980-0477-4a07-a4d6-e551c1505792", "value": "384:XpaJuqQYbqjpk972V7/AqBZB1FOmLpM4vh0FbOKTCOQKFRApkFTBLTAOZwpGd2vx:E16zY0FPC4vGFbO75KFVFo9jtOjhUbv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306441", "to_ids": false, "type": "size-in-bytes", "uuid": "6ba388ab-d390-49cf-b6ec-d09e655ede24", "value": "33280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306441", "to_ids": true, "type": "vhash", "uuid": "4ff668e7-254d-45d1-b1be-c7367d82521f", "value": "234036551511707729110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306441", "to_ids": true, "type": "filename", "uuid": "0f9b382d-9bf8-496d-bdb1-193b72871353", "value": "XWormClient.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 26/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306442", "to_ids": false, "type": "text", "uuid": "64a6efbc-c401-4847-bec9-971bc705465b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:61/71\nFirst Submission:2026-04-20T23:03:47.000000+00:00\nLast Submission:2026-04-20T23:03:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544669", "uuid": "300229ed-501c-4c3e-bc8c-1c2ea061a45d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544669", "to_ids": true, "type": "md5", "uuid": "1b4f0a21-599d-4567-b59e-047bb626686e", "value": "ddabb2974a54c17682d39c7588917802", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544669", "to_ids": true, "type": "sha1", "uuid": "eb4b82e8-d703-476d-bd2e-271eff233390", "value": "47b2abb24d053e32e7f3e1c7e0e3a2b04453dce7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544669", "to_ids": true, "type": "sha256", "uuid": "edac6732-3324-4441-8df8-a828e18fc17c", "value": "503018b1cc677b9aaa756db0135c0575091551d3b9682a23072ccfe0538aa53f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306464", "to_ids": true, "type": "ssdeep", "uuid": "afeaf1d3-db5b-4484-aebd-786440334fb7", "value": "768:mu/dRTUo0HQbWUnmjSmo2qMwKjPGaG6PIyzjbFgX3i/Y47yWvsBDZyx:mu/dRTUPE2kKTkDy3bCXS/Y47yWidyx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306464", "to_ids": false, "type": "size-in-bytes", "uuid": "c5dda43d-2b11-4ff9-a0ce-71e543db22d5", "value": "46080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306464", "to_ids": true, "type": "vhash", "uuid": "f6b8ce14-55e8-4af0-bd7d-eabbe1e00596", "value": "244036555511d08d2e1d104c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306464", "to_ids": true, "type": "filename", "uuid": "60ff791f-f9d1-465c-9f64-11e95ac0a275", "value": "Stub.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306464", "to_ids": false, "type": "text", "uuid": "92043d40-1e43-45fe-a073-ad63ea058bbf", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:62/72\nFirst Submission:2026-04-20T23:04:31.000000+00:00\nLast Submission:2026-04-20T23:22:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544672", "uuid": "080294b9-39a7-491f-aa4c-d80101be9534", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544671", "to_ids": true, "type": "md5", "uuid": "45475032-8853-408e-9e31-731f48904e7d", "value": "76ae96421b0e6d38dd4f1050bea83694", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544672", "to_ids": true, "type": "sha1", "uuid": "6e5c8256-a9eb-4fe0-95a2-6c17b1a938f7", "value": "b1194ed96af58e91d1db190ba21869335cf1cf21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544672", "to_ids": true, "type": "sha256", "uuid": "89faac62-56e6-4ae2-8cc6-5fba07082633", "value": "d34e20740a20eabfda62d108ca73952de194832d28f66ad32cab815405ae777a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306486", "to_ids": true, "type": "ssdeep", "uuid": "9fb47a4d-9c88-440e-a561-bffe569d5002", "value": "49152:sg8RM6cOVZmnn49o6GzEXBX8+QivqASwaPb96OFYPTsVhPEd8GO6RAkH7q6AxquB:l82mlthOHLwa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306486", "to_ids": false, "type": "size-in-bytes", "uuid": "77b72ae6-df73-4b7e-b919-5c4bcb1dd7be", "value": "2502656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306486", "to_ids": true, "type": "vhash", "uuid": "fc1fcbe5-4222-45ca-b52d-d1f7e957a284", "value": "0260b76d7575651c0d1d1059zf0alz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306486", "to_ids": true, "type": "filename", "uuid": "5fb61f0b-f043-49f7-8559-99d358a6ae7c", "value": "o00gdtwm.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306486", "to_ids": false, "type": "text", "uuid": "a00a603f-e4be-4dd4-bc2c-28fc3c1aec7b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/Lazy.GD!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:04:59.000000+00:00\nLast Submission:2026-04-20T23:04:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544674", "uuid": "5343ff5b-8f8a-49ef-9fff-5e5ff2dd028e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544674", "to_ids": true, "type": "md5", "uuid": "b5b2fd5b-b028-4aeb-8311-94b4c86913ee", "value": "2bbe036639a5aa6227327080de0f7c1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544674", "to_ids": true, "type": "sha1", "uuid": "3cb8c329-06b4-4424-9e66-48b1c90c2881", "value": "d9a279038682721a07224a3f524f616f38fb0761", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544674", "to_ids": true, "type": "sha256", "uuid": "2aafebe1-081e-4902-986c-30bf5a56b36e", "value": "3d011472e7158040f92acf77ca3fcd4ad0ca7491b9211c912b9db6aab6568540", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306508", "to_ids": true, "type": "ssdeep", "uuid": "884ce4dc-1edd-4e66-965f-1c9144b96485", "value": "768:6q7IMhBA/S/0B50guqZI9x7FWPr9QZ9OwhoanHFS:F/Myc50gWFS9QTOwaGHFS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306508", "to_ids": false, "type": "size-in-bytes", "uuid": "47bb452f-5b9f-47f1-969d-14d5b4fd5bba", "value": "39936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306508", "to_ids": true, "type": "vhash", "uuid": "20bc513d-d4f9-415b-8a30-e7b1639df9d3", "value": "234036551511707a2d111020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306508", "to_ids": true, "type": "filename", "uuid": "3253a5b9-4049-49a3-9b75-0cbbadfd9c8e", "value": "Defender.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306508", "to_ids": false, "type": "text", "uuid": "8d88af30-dbf0-47c8-875e-d6eaafe8b212", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:59/71\nFirst Submission:2026-04-20T22:59:52.000000+00:00\nLast Submission:2026-04-20T22:59:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544677", "uuid": "e72784fc-6775-44bf-8f62-1e63636c1393", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544676", "to_ids": true, "type": "md5", "uuid": "2815aeca-c2ca-40b6-abbd-5e2177a4b2d4", "value": "a83c93f199ffb1bb3e074eecf9c4cb1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544677", "to_ids": true, "type": "sha1", "uuid": "17b6d899-e1e2-414f-9d3d-5d3d3f82fa04", "value": "22d66469104bac3b20f04ea707e4b9408dcbfe84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544677", "to_ids": true, "type": "sha256", "uuid": "eafc04b9-188d-41d4-9172-7a5be0d34b37", "value": "66d83b595c5b679a51b59136f4bf81896e503dbbf58156b4a4236a44bf0e8a80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306529", "to_ids": true, "type": "ssdeep", "uuid": "9b4fbfe5-1a89-4e32-9c2d-d67a93a98050", "value": "3072:Y3QQah85ZpA4rwgw3LQVQezDZ4Ckx5qVackVPxIiTlpaB:aaabDw53Df0B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306529", "to_ids": false, "type": "size-in-bytes", "uuid": "45173df2-a104-4bf9-bf67-68f9e5a3f135", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306529", "to_ids": true, "type": "vhash", "uuid": "65efded4-4f03-4a81-85b9-c731db3375b1", "value": "115066655d155d055018z5bnz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306529", "to_ids": true, "type": "filename", "uuid": "d4a1885e-24a4-40c1-8bab-f6f448a5ff14", "value": "66d83b595c5b679a51b59136f4bf81896e503dbbf58156b4a4236a44bf0e8a80.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306529", "to_ids": false, "type": "text", "uuid": "432755f2-9787-45d9-9df2-65925b7c04fe", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:21/72\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544680", "uuid": "d4f24068-ef53-4328-ac79-524d27dd2595", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544679", "to_ids": true, "type": "md5", "uuid": "229be722-7325-43e1-9820-779d88d5a106", "value": "26df83060d7aa09e6adbf8db4739394d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544679", "to_ids": true, "type": "sha1", "uuid": "d94079f0-60a9-483d-a8d2-96429cf991b2", "value": "6a4105d904ad9f68454cda2fd86992cf803780a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544680", "to_ids": true, "type": "sha256", "uuid": "c2a99a73-0a54-41ac-9860-555d1e0204aa", "value": "96f9041d51a3af2adf15f11f146e33eaf194bc04730d41718ad711f068e22306", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306551", "to_ids": true, "type": "ssdeep", "uuid": "1310c7a8-0326-49da-8c37-afb0b767fdd0", "value": "1536:6sppsoWPy6wpnj3VIXQYh/shPvByWEUUq8Wsn5oNogAZ/ZPfcUv9SUKonYw1xxNx:EPyBjgmBWC8WsnGdAvt9SnonYw/giCO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306551", "to_ids": false, "type": "size-in-bytes", "uuid": "31592d89-7631-4af1-9f20-af941e7d6692", "value": "168960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306551", "to_ids": true, "type": "vhash", "uuid": "259f6d91-9b38-460c-a8e1-985de7a68f1e", "value": "0150a76d1555551c0d1d1018z2432lz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306551", "to_ids": true, "type": "filename", "uuid": "5f03748f-5203-4a2b-8483-089406890bdf", "value": "96f9041d51a3af2adf15f11f146e33eaf194bc04730d41718ad711f068e22306.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306551", "to_ids": false, "type": "text", "uuid": "c038e584-8557-4428-8571-01697c73ee3b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/EvelynStealer.KX!MTB\nVT Total Detection:40/71\nFirst Submission:2026-04-20T22:57:35.000000+00:00\nLast Submission:2026-04-20T22:57:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544683", "uuid": "a2fd831a-207e-4cde-accf-f7aaeeaa7a66", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544682", "to_ids": true, "type": "md5", "uuid": "f5eb4e36-69f8-43b9-bb23-e2a1120c8f16", "value": "acc13f5825cc58d3f71298071130bf7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544682", "to_ids": true, "type": "sha1", "uuid": "6396ed6b-70d7-4af9-a721-3ac04039a297", "value": "2362a0dc0db6671680cdc6059a6e39e2ccf93583", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544683", "to_ids": true, "type": "sha256", "uuid": "6b1ba4ae-ed1e-4a90-884e-3a35ec762284", "value": "90217d4905c8aca23cd2cfe02ad79e1683c9f1cbcda78e93d5fa33f3c77640f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306573", "to_ids": true, "type": "ssdeep", "uuid": "30387c79-3517-4e5d-9dad-bdc38ed2a02d", "value": "3072:1a3ew8YHakpvHSwyBH4VQezDZ4C0x5q9yUKlJ:U8YlIwCvpJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306573", "to_ids": false, "type": "size-in-bytes", "uuid": "0dcedd4f-4f21-47a0-a483-4bc17b8b8cee", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306573", "to_ids": true, "type": "vhash", "uuid": "f0efc077-6dcd-456e-9cdd-1639ef8444bb", "value": "115066655d155d055018z5bnz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306573", "to_ids": true, "type": "filename", "uuid": "0301cc20-727a-46b2-8ab0-11cada042342", "value": "90217d4905c8aca23cd2cfe02ad79e1683c9f1cbcda78e93d5fa33f3c77640f9.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306573", "to_ids": false, "type": "text", "uuid": "09f58bd0-02ad-4690-af12-f6539d347508", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:46/71\nFirst Submission:2026-04-20T22:58:46.000000+00:00\nLast Submission:2026-04-20T22:58:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544685", "uuid": "8bcaf95f-e721-41d3-9d3f-c91f94a811d0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544684", "to_ids": true, "type": "md5", "uuid": "d8c001a8-657c-4ffb-bc45-0810e49cc8b4", "value": "e130824839afb594b573fdba78370160", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544685", "to_ids": true, "type": "sha1", "uuid": "c3e988cb-7223-4566-8777-1bb8bb58ff0f", "value": "3d6e52de103cbcf472f0465c14355be6472b739c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544685", "to_ids": true, "type": "sha256", "uuid": "5adac397-5dd0-4b8e-959a-60dbac444745", "value": "cbe62f4d3ddb9b3f625ec6315af402036832efb2f90640e5a7def913b9e79378", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306594", "to_ids": true, "type": "ssdeep", "uuid": "50588c15-dea9-439d-8dac-a3106b251960", "value": "12288:GSGuIuF0MV/VSU5s11yuTUHaaPC+6P/to0Z5Qxr9:LGuNF0MV/VSU5+1yhHaaPX6P/trZ5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306594", "to_ids": false, "type": "size-in-bytes", "uuid": "347cb346-55c8-4400-82ae-be8467224fe2", "value": "649216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306594", "to_ids": true, "type": "vhash", "uuid": "52bba3b9-c5b4-49d0-9f0b-485e600f9ce9", "value": "065066655d1555155225za00ac7z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306594", "to_ids": true, "type": "filename", "uuid": "1e0ae03a-812c-4433-9b79-e726194a4bc2", "value": "zmjbaesb.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306594", "to_ids": false, "type": "text", "uuid": "75530806-1f57-4ccd-99fd-8b7ff746132a", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Remcos.GA!MTB\nVT Total Detection:57/72\nFirst Submission:2026-04-20T22:59:10.000000+00:00\nLast Submission:2026-04-20T23:19:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544688", "uuid": "87c24be0-6bbf-4618-9776-fa269e4e1410", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544687", "to_ids": true, "type": "md5", "uuid": "bab14e24-410d-4ef5-a847-d78581e6380d", "value": "de6ee820d609baf4759a857ad2f0b445", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544687", "to_ids": true, "type": "sha1", "uuid": "60db7d43-e432-443c-8fcb-6353b18d078f", "value": "9a42c455876e91f24f4b1beedb9ceb1b99518a20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544688", "to_ids": true, "type": "sha256", "uuid": "d21e36ac-99fb-4c45-8a0d-4b7f2e20d138", "value": "61f688bf8b71c5358487d9eb36c99e56557ee80bcfd7edc71a7e440ae2a04f18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306616", "to_ids": true, "type": "ssdeep", "uuid": "6eb7b460-626b-4059-b77b-1d9523cfa1ce", "value": "1536:9r4trLOUnelseYw4MhLVxj5pVTH4SFcSdhn+hlLIvtEJsWTrd79dl2bcmTrVLywr:9g/Rngoyhj5plYAhn41mtqBzkbjL1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306616", "to_ids": false, "type": "size-in-bytes", "uuid": "a94f0c0e-de45-4f3d-9373-9c7d3b63e4c3", "value": "111616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306616", "to_ids": true, "type": "vhash", "uuid": "14f96054-ba33-4540-97b4-e3135ebc3572", "value": "115066655d151d055018z5fhz13z41z4az8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306616", "to_ids": true, "type": "filename", "uuid": "4c184119-aa63-42cd-9489-420300158458", "value": "61f688bf8b71c5358487d9eb36c99e56557ee80bcfd7edc71a7e440ae2a04f18.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306616", "to_ids": false, "type": "text", "uuid": "74e55155-7047-40e7-a986-61b91a2e78b2", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:39/72\nFirst Submission:2026-04-20T22:59:34.000000+00:00\nLast Submission:2026-04-20T22:59:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544690", "uuid": "de5be1fa-cfc0-4523-948a-080c12f31d50", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544690", "to_ids": true, "type": "md5", "uuid": "a5610ab2-6060-4010-baf6-9db8edabd4a1", "value": "20c99d2aeb62c5f7edf8a95fff507379", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544690", "to_ids": true, "type": "sha1", "uuid": "e8ab8f95-12eb-408f-8da4-ac52ad202f5c", "value": "9875d2a6a672e9ab79bfce58db0c738d2da09fcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544690", "to_ids": true, "type": "sha256", "uuid": "c8251945-5eff-40ad-af4a-caf89b6379df", "value": "4e3d454f9915fe65b336607ce0d935e9bd136d1196511793d0652894928206da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306638", "to_ids": true, "type": "ssdeep", "uuid": "3c8072a0-71a5-41b1-b825-78f0d831ed07", "value": "3072:ogoll4YSI2bdOASdo5XjaZsIV1dqP5NEWhw:olLeAdoZ+VC5G4w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306638", "to_ids": false, "type": "size-in-bytes", "uuid": "8019835d-0afa-405b-b5f1-3606913c82ec", "value": "114688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306638", "to_ids": true, "type": "vhash", "uuid": "eba8f5ca-e12f-48b5-99fe-71a2923bab97", "value": "115066655d151d055088z597z2095z13z51z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306638", "to_ids": true, "type": "filename", "uuid": "02b9c7a7-defb-46b7-8894-4dedc2ca378b", "value": "4e3d454f9915fe65b336607ce0d935e9bd136d1196511793d0652894928206da.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306638", "to_ids": false, "type": "text", "uuid": "449d6927-0c5d-4aaf-ac36-5c341dbb6898", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:37/72\nFirst Submission:2026-04-20T22:59:58.000000+00:00\nLast Submission:2026-04-20T23:01:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544693", "uuid": "dcbf8ffd-a7cf-4e93-9656-3ab127431692", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544692", "to_ids": true, "type": "md5", "uuid": "10e2d91c-6cdb-4a9f-b9b1-3c9e3ab77564", "value": "f7209e0cb142664f56252bb99a433a0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544692", "to_ids": true, "type": "sha1", "uuid": "61e9f5af-cfc5-4d40-99ec-5b4318200306", "value": "f7eb73fe9511fcefb1fa01e28b57b5f0bd1c4697", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544693", "to_ids": true, "type": "sha256", "uuid": "cc266500-5ca4-4e2d-b1f7-cbfe10daaf83", "value": "81d6b5c965dd3f4885502d41e1185b34241b01e3f9d0fb91b4b690afdc1795a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306681", "to_ids": true, "type": "ssdeep", "uuid": "87c1e477-795e-48ad-b69c-c110afe6a2a9", "value": "3072:6TXxQHNopvHzzSg6cVQezDZ4C/x5qV6OkK:wxA6VzXFKk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306681", "to_ids": false, "type": "size-in-bytes", "uuid": "ac1e9031-dc87-4df8-ba4e-d772048e9c5c", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306681", "to_ids": true, "type": "vhash", "uuid": "b18cb808-fb26-420b-b567-2ef4d8b0627c", "value": "115066655d155d055018z5bnz31z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306681", "to_ids": true, "type": "filename", "uuid": "3e0d3b04-ea0d-42a2-b45a-33c0fd3a6f94", "value": "81d6b5c965dd3f4885502d41e1185b34241b01e3f9d0fb91b4b690afdc1795a5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306681", "to_ids": false, "type": "text", "uuid": "fae9d032-6668-45d9-a069-b47dbf304a25", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544695", "uuid": "7a8b1f88-e969-4562-9dab-9acbc13faac7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544695", "to_ids": true, "type": "md5", "uuid": "0d8abb49-bb0f-4327-8e5b-23c861b540e0", "value": "2aed49cbd2fc1ab0cfad4d9997950950", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544695", "to_ids": true, "type": "sha1", "uuid": "965c2d18-837b-43a4-a05d-3f70ba2fdac5", "value": "f3c0bfa25814632a2e01ec8ad2ecf0211bc445fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544695", "to_ids": true, "type": "sha256", "uuid": "40dfb1fb-553e-4ca6-9ff1-bcdf1d77555c", "value": "be70c9376c4d24e8c5e37a06592aaef594a96bee65db7a0aa7d6ef69cdce8e61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306703", "to_ids": true, "type": "ssdeep", "uuid": "7bf49c65-fbdd-4771-a929-68ccb6d51a7b", "value": "3072:jpnewXSApGnKj7A8VVQezDZ4CHx5qVUxZ:5eg5LjE8vZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306703", "to_ids": false, "type": "size-in-bytes", "uuid": "7d190062-6c53-4147-bf7c-6c1101494902", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306703", "to_ids": true, "type": "vhash", "uuid": "f0a6e4be-2f68-4393-96fc-8e872976a498", "value": "115066655d155d055018z5bnz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306703", "to_ids": true, "type": "filename", "uuid": "32eea21d-3e94-4c99-8acc-8188a08c93bb", "value": "be70c9376c4d24e8c5e37a06592aaef594a96bee65db7a0aa7d6ef69cdce8e61.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306703", "to_ids": false, "type": "text", "uuid": "c0ab88a0-e7d9-4f7f-b3d7-5ac8c7aa220a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:34/72\nFirst Submission:2026-04-20T22:54:24.000000+00:00\nLast Submission:2026-04-20T22:54:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544698", "uuid": "c7f3c610-5b3a-48b8-8fe6-5906e86ea8b3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544697", "to_ids": true, "type": "md5", "uuid": "c0cd7dc5-b9b7-42a1-9186-b8f740892f23", "value": "f277e0e285c90b91e2da4f4f94046c9a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544698", "to_ids": true, "type": "sha1", "uuid": "cce5f750-c8b0-42ff-b236-3b61a55e1e8c", "value": "307b4d83b2c0245627b54c9e9da16976cfd50c98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544698", "to_ids": true, "type": "sha256", "uuid": "3a73dd1f-210c-462d-bd5f-b4232ac1bb84", "value": "aabf7c1591dbecbcee2225a1b7d46fec856a304cb3264cef7eb90251d039e48e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306725", "to_ids": true, "type": "ssdeep", "uuid": "c737974e-a4ca-4fdf-b53f-44045019d9ee", "value": "3072:t3QQah85ZpA4rwgw3LyVQezDZ4Ckx5qVyckVPxIiTlpw5:5aabDw53Bna5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306725", "to_ids": false, "type": "size-in-bytes", "uuid": "9d39c474-79fb-462b-b782-7f571b5b56e5", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306725", "to_ids": true, "type": "vhash", "uuid": "109df799-2235-4d41-8fff-1e27686d915b", "value": "115066655d155d055018z5bnz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306725", "to_ids": true, "type": "filename", "uuid": "6cb8c571-d6f8-44ce-86c8-109a233e2b83", "value": "aabf7c1591dbecbcee2225a1b7d46fec856a304cb3264cef7eb90251d039e48e.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306725", "to_ids": false, "type": "text", "uuid": "6438ec09-f66f-4c86-bd2e-55fa88cf7be3", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:39/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544701", "uuid": "7c8964a5-1791-4c82-a5c4-2bfb7494d126", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544700", "to_ids": true, "type": "md5", "uuid": "8c930d0c-4a50-4e8b-b8a4-a4190bdaa1c4", "value": "ec2ecc241d66904950300acc47e85539", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544700", "to_ids": true, "type": "sha1", "uuid": "fc721cfc-4e42-4860-b64a-6f7d5f6cf427", "value": "2afce614f23bfdeb629893d38213f599372ae9a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544701", "to_ids": true, "type": "sha256", "uuid": "527fee80-c58c-4ebb-b74c-514a8cdc185c", "value": "9cc3119b718cf6736f07cfb3b0a91661ffaad013dcfd5e0283bd3162986755d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306768", "to_ids": true, "type": "ssdeep", "uuid": "e01dca75-c5c8-4434-8564-9fa6c402c957", "value": "384:cpaJuqQYbqjpk972V7/AqBZB1FOmLpMhvh0FbOKTCOQKFRApkFTBLTAOZwpGd2vQ:R16zY0FPChvGFbO75KFVFo9j8OjhwbZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306768", "to_ids": false, "type": "size-in-bytes", "uuid": "5c894d47-4f40-4923-bc6a-edb7967bf868", "value": "33280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306768", "to_ids": true, "type": "vhash", "uuid": "a0579d6b-779c-4681-bf44-cd49127bace2", "value": "234036551511707729110020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306768", "to_ids": true, "type": "filename", "uuid": "3c802260-79ba-47f7-862c-ba266a967c60", "value": "XWormClient2.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306768", "to_ids": false, "type": "text", "uuid": "cd5c20d6-c694-4954-82da-bfa7fbf4a97f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:61/71\nFirst Submission:2026-04-20T22:55:10.000000+00:00\nLast Submission:2026-04-20T23:11:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544703", "uuid": "80d07c28-0957-4117-8aba-26fa823ee903", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544702", "to_ids": true, "type": "md5", "uuid": "cd9dadb0-5d91-40c5-ae36-74a4b6196951", "value": "0098b848b7ec4db7740ca1e720c345eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544703", "to_ids": true, "type": "sha1", "uuid": "527092b0-6f08-4b13-956c-80415abf3697", "value": "9e5f995febeb94da814a9c438d9675b198317af3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544703", "to_ids": true, "type": "sha256", "uuid": "200b1c99-7f34-4f2c-8798-a880095cf079", "value": "a2b4b3d95ce8e954fd1d7f4a1d9535bba004cb2978a041420e2dbb4a32f0c2ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306790", "to_ids": true, "type": "ssdeep", "uuid": "574ae947-959d-43cd-b783-f70713c12c9d", "value": "12288:C6pxxGI8gvGOHJpAbDYGxLhZ+sPZtWmPFN:C6pxxx8U+bDYGxLhZtZPPF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306790", "to_ids": false, "type": "size-in-bytes", "uuid": "b36c0a0e-4d8d-4b3f-9ec3-a06fc994af82", "value": "507392" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306790", "to_ids": true, "type": "vhash", "uuid": "ab464a5a-f709-475a-bfe6-34a2ff02fc9c", "value": "055056655d15156225za00a87z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306790", "to_ids": true, "type": "filename", "uuid": "a5e8806e-338b-4496-824e-fd158a004dad", "value": "hfto7r.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306790", "to_ids": false, "type": "text", "uuid": "15625298-37aa-4e43-b282-4f9d460dd3fc", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Remcos.GA!MTB\nVT Total Detection:61/72\nFirst Submission:2026-04-20T22:56:19.000000+00:00\nLast Submission:2026-04-20T22:56:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544706", "uuid": "8d3c7565-c504-4c21-b1a4-58beb0452ad2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544705", "to_ids": true, "type": "md5", "uuid": "d39ee03a-0c5b-4eb4-b589-6d217a6a5051", "value": "6bd4f3448bcced08eb1cd054118af3bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544705", "to_ids": true, "type": "sha1", "uuid": "fde6c107-b1d9-4b2b-a634-dd5993fe9e00", "value": "e4ed20203d43b3bad1d9ca51d62e039a31e73129", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544706", "to_ids": true, "type": "sha256", "uuid": "9663c93c-e67d-401a-aa17-5fcfc9df9ed1", "value": "a907d35faf1fb9148c6a340fa2626e2e62b8eb5e46b4b0427ad002cfffdf2e2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306813", "to_ids": true, "type": "ssdeep", "uuid": "f020605e-32a3-4c80-b1e0-7806a0494adc", "value": "12288:5aMwmp7scoHvln/+iB9PQoYYUPGmdou5usyW:Y7mScoHvln/+aPQoYDPGmd35o" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306813", "to_ids": false, "type": "size-in-bytes", "uuid": "67c887a4-124e-4550-9712-48ec98d50c9d", "value": "616448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306813", "to_ids": true, "type": "vhash", "uuid": "a0fba692-fc21-4718-8fa3-c2a95975f510", "value": "065066655d1555155225za00ac7z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306813", "to_ids": true, "type": "filename", "uuid": "a3f4270f-f716-4ecb-9dd9-3f2af192d3ca", "value": "xa907d35faf1fb9148c6a340fa2626e2e62b8eb5e46b4b0427ad002cfffdf2e2f.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306813", "to_ids": false, "type": "text", "uuid": "756505ec-7e4d-4359-bb83-1fada1fdacb4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/Remcos.ARE!MTB\nVT Total Detection:59/71\nFirst Submission:2026-04-20T22:57:05.000000+00:00\nLast Submission:2026-04-21T13:48:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544708", "uuid": "eb205758-c6e7-4526-bbf8-e0987e9f89a3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544708", "to_ids": true, "type": "md5", "uuid": "9201b83d-b216-4b33-9ac6-5e40b46a248c", "value": "1ba5d4b5e94b01ccbdbb67160da92901", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544708", "to_ids": true, "type": "sha1", "uuid": "2ebde7dd-80f4-4e3a-a0aa-adfe8d962c44", "value": "497f09d8f7862bdbe25ec23944233958b228808c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544708", "to_ids": true, "type": "sha256", "uuid": "cf0c4f73-2d46-45de-8446-1b90bb4d2db7", "value": "754211ac21105547002e6855b225b2d7af5c491aeb36a9505432eb69aec746ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306834", "to_ids": true, "type": "ssdeep", "uuid": "1b55a037-fcd3-48b5-b9f7-800542b353fa", "value": "3072:qMew8YHakpvHSwyBHqVQezDZ4C0x5q9poW/2:N8YlIwCdo2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306834", "to_ids": false, "type": "size-in-bytes", "uuid": "97695be2-5b31-47fd-af00-f45ce4518f70", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306834", "to_ids": true, "type": "vhash", "uuid": "4f820fbb-d5e9-40fb-9c77-58397dd0315f", "value": "115066655d155d055018z5bnz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306834", "to_ids": true, "type": "filename", "uuid": "60df94c3-0c94-488d-ab98-aa8fa5afaf8b", "value": "754211ac21105547002e6855b225b2d7af5c491aeb36a9505432eb69aec746ff.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306834", "to_ids": false, "type": "text", "uuid": "845766fc-f8ea-4db4-935d-7a9247a36296", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544711", "uuid": "5f03d6fb-4a6e-4c09-be82-cad6493b49cf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544710", "to_ids": true, "type": "md5", "uuid": "59577678-b37a-4b07-95d8-8b3b785fc8bb", "value": "762e10f534fe3e4f16386754aaffdbe8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544711", "to_ids": true, "type": "sha1", "uuid": "59916412-5dc0-432a-80ce-247d2201a4c7", "value": "2be9d1043cc1a5209674d30f0c39145776c1faeb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544711", "to_ids": true, "type": "sha256", "uuid": "027785f4-3e4c-4a43-8cc0-11e67112da16", "value": "cc920b1b12c338917890297223d10c34de5a4ac70502fd2a4e00fd9653f2f8cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306856", "to_ids": true, "type": "ssdeep", "uuid": "2ac45bf1-1cca-4d4b-9dc3-02b721440f0b", "value": "12288:PSGuIuF0MV/VSU5s11yuTUHaaPC+6P/to0Z5hdr:6GuNF0MV/VSU5+1yhHaaPX6P/trZ5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306856", "to_ids": false, "type": "size-in-bytes", "uuid": "a7622ebb-7f6b-4ed6-b9c5-7425769ded09", "value": "649216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306856", "to_ids": true, "type": "vhash", "uuid": "29d4527d-3fe9-431e-8383-d52658166500", "value": "065066655d1555155225za00ac7z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306856", "to_ids": true, "type": "filename", "uuid": "f3259283-b842-4df2-b555-79f9f1e1a2b7", "value": "6sa6w.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306856", "to_ids": false, "type": "text", "uuid": "f6010e8b-3ba9-44c0-9d4e-cefef92de92a", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Remcos.GA!MTB\nVT Total Detection:53/72\nFirst Submission:2026-04-21T02:07:48.000000+00:00\nLast Submission:2026-04-21T02:07:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544714", "uuid": "7122bde5-9896-4d10-bd8c-795fa6e3904d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544713", "to_ids": true, "type": "md5", "uuid": "a5f653a7-7667-46ab-a410-3d565cf60d42", "value": "434a86657c42c324e59e025bce1a11f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544713", "to_ids": true, "type": "sha1", "uuid": "c5373944-040b-41eb-9fa6-a9045a21ca6c", "value": "04f65399b376530061058afa4363a3a3a7d102ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544714", "to_ids": true, "type": "sha256", "uuid": "37eec22d-8ad5-43bd-abd6-fd61cd93875f", "value": "f943e9d208d6ee61e7329e7673537df12cbd74a06c277424b23c4c5d87ab9641", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306878", "to_ids": true, "type": "ssdeep", "uuid": "6c0a94a0-3879-4ee4-b32a-60b747e1a646", "value": "6144:NXEE+QEZJvHVdFjl0WGYB+cvbWvpB+qADnN8XIniCrVSMXcvOsAORZ0AXiBceIS:pENlHV9FGeDWv3jADnyYiCNrsPZ03" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306878", "to_ids": false, "type": "size-in-bytes", "uuid": "25f2192f-c70a-4134-b15c-f52107117d29", "value": "528384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306878", "to_ids": true, "type": "vhash", "uuid": "573d1562-70d7-47ad-b2b6-dc55eb73bb75", "value": "055056655d15156225za00a87z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306878", "to_ids": true, "type": "filename", "uuid": "e469fcaf-db65-44fd-ad5a-de37ee25900c", "value": "f943e9d208d6ee61e7329e7673537df12cbd74a06c277424b23c4c5d87ab9641.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 26/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306878", "to_ids": false, "type": "text", "uuid": "99a987f0-c8f7-494d-8477-e392670a236a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Rescoms.ZBH!MTB\nVT Total Detection:61/71\nFirst Submission:2026-04-22T05:29:32.000000+00:00\nLast Submission:2026-04-22T20:46:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544716", "uuid": "c66e7919-1728-44e0-9ed0-bb13bc6425f7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544715", "to_ids": true, "type": "md5", "uuid": "60817bda-7ebd-4257-8049-bd02a8f26bb3", "value": "b07eabb4e5fa3b77a6a491c3da6142a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544716", "to_ids": true, "type": "sha1", "uuid": "dcab89e4-e809-45b9-929a-6268f1446928", "value": "1dd0607023ed31b660853f2639c9e236f8cdc1b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544716", "to_ids": true, "type": "sha256", "uuid": "878ee9e3-73dc-4326-b27c-c92d47a8578c", "value": "0cc99818eb254032519590737c6df2552812a605e76c2fc74d15bdf1a8f86210", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306900", "to_ids": true, "type": "ssdeep", "uuid": "0986dd67-30a6-4f4a-9c68-ab793e693334", "value": "6144:5kgFocJuquq7VzxYSabOi7GzMtHSZ+cxm4dQrbNHull52LTPte8u:5DFtJuquqzxYCi7GzMEO4dQZLTPU8u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306900", "to_ids": false, "type": "size-in-bytes", "uuid": "184f08dd-a1cf-4459-9994-e826f3716b15", "value": "369664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306900", "to_ids": true, "type": "vhash", "uuid": "5e1ad2db-3ba7-492a-8bad-57666df41bc7", "value": "23503665551380833ffe519171d85" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306900", "to_ids": true, "type": "filename", "uuid": "4e3e37d5-108a-49de-9f7c-fbdfe5d8d86a", "value": "GRAPHISOFT ArchiCAD 27 Build1" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306900", "to_ids": false, "type": "text", "uuid": "36c00198-7657-4e81-847d-39a204c207b4", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Quasar.GG!MTB\nVT Total Detection:53/72\nFirst Submission:2026-04-20T22:50:47.000000+00:00\nLast Submission:2026-04-20T23:06:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544719", "uuid": "0ce82f8c-c7c2-45ef-a2a4-56f2092ad59f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544718", "to_ids": true, "type": "md5", "uuid": "e94853fb-60e7-4fa6-841f-df637971ca4c", "value": "80de8979680814936c6f08b842c95b7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544718", "to_ids": true, "type": "sha1", "uuid": "cc8c55cb-8c5a-429d-9208-96ed15ffd085", "value": "a9d35855d70ec5ec3fcdd86beebb4150c8b52373", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544719", "to_ids": true, "type": "sha256", "uuid": "b5362546-7134-447c-b432-6d1cab03a002", "value": "9193d0a4fa36096e16d6b2c498dad124baa8c88aaf0360281748c07c16b13096", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306921", "to_ids": true, "type": "ssdeep", "uuid": "f4a67cc6-0ee0-4f72-ab4d-15491c68d84b", "value": "3072:SXrYXdCm1Gt4QbCQiJd3t7VQezDZ4Cv2GWwD80p5wCATAz1vKEobi:MYNCsZMCQiJVBYi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306921", "to_ids": false, "type": "size-in-bytes", "uuid": "967be97b-a711-41ac-83c4-215935d6b274", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306921", "to_ids": true, "type": "vhash", "uuid": "e2baebd3-4679-47a0-9412-6d9443faaa9a", "value": "115066655d155d055018z597z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306921", "to_ids": true, "type": "filename", "uuid": "eef2972f-b0a8-4c43-aac4-374faf0b0206", "value": "9193d0a4fa36096e16d6b2c498dad124baa8c88aaf0360281748c07c16b13096.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306921", "to_ids": false, "type": "text", "uuid": "b2a73322-dc0b-4d81-9297-e4d07764ea8a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:38/72\nFirst Submission:2026-04-20T22:51:10.000000+00:00\nLast Submission:2026-04-20T22:51:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544721", "uuid": "679ef084-0d70-4456-9d45-ef4dae5caed9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544721", "to_ids": true, "type": "md5", "uuid": "ab17894c-f167-4eba-a016-992c6f90b348", "value": "edd45b64edaaa6b6184414b9a3ff3b64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544721", "to_ids": true, "type": "sha1", "uuid": "ce87b1b5-64e0-47b4-bfff-f62d9063efdc", "value": "cf0693af1e4ecb180717a9a32e3be811d99f07db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544721", "to_ids": true, "type": "sha256", "uuid": "8ee88b07-1e13-4b6b-a390-b3c57da7ac2d", "value": "be94ed15a50a3386f6ab466401d68faf13ead40a05f50c37f410414b57512d3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306943", "to_ids": true, "type": "ssdeep", "uuid": "d6c75cae-c556-4962-a70e-4c86d4afd65b", "value": "1536:bFRxeCCntVHnsWYuk4YBKbZpHTH3S1ZowWe407WJlqJxE+gsWRJdL9dlIj1wls:bLHCPHnUQXZpzXIye44vJxSjjCwi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306943", "to_ids": false, "type": "size-in-bytes", "uuid": "bc36fbb1-97a9-4448-bcc4-3f42cdee582d", "value": "109568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306943", "to_ids": true, "type": "vhash", "uuid": "3b8e29ee-ccb6-4b75-b301-adec43364bc7", "value": "115066655d155d055018z5anz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306943", "to_ids": true, "type": "filename", "uuid": "d5e31bf9-aac0-43b4-af28-32a837df6f52", "value": "be94ed15a50a3386f6ab466401d68faf13ead40a05f50c37f410414b57512d3c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306943", "to_ids": false, "type": "text", "uuid": "8f57f4f3-a958-41fd-85e7-c313ea3e0746", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:40/72\nFirst Submission:2026-04-20T22:51:34.000000+00:00\nLast Submission:2026-04-20T22:51:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544724", "uuid": "346e148d-542c-44cf-9f31-5b84bf52ac08", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544723", "to_ids": true, "type": "md5", "uuid": "8983e099-3906-4264-bb36-9e76e6a268a8", "value": "601abeb19c1895120d7ca1aced578495", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544724", "to_ids": true, "type": "sha1", "uuid": "dc475492-c5c9-4855-9cc0-61e88b1aa267", "value": "4a5277e2df7a5be9b049970022eaa71d7de9e97c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544724", "to_ids": true, "type": "sha256", "uuid": "ad6f797c-f11f-4e48-a235-aa5cfb6bf201", "value": "943cd759c65b91cf0dd91e0931d376b6ab282d732c7b6d899ced27dcdfeecf3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777306965", "to_ids": true, "type": "ssdeep", "uuid": "ec18cde4-33ae-47d6-9bfc-89c2dacd6075", "value": "3072:BwRzvdqTmFGaNQbPAwODdgSTj5YiPWm2QjcUJZQijPG3zbHTKk1pHsD+VJ:szVqTobMPAwOBOEA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777306965", "to_ids": false, "type": "size-in-bytes", "uuid": "f90e8f6b-776e-4a4f-89cb-3b3f7c6fd248", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777306965", "to_ids": true, "type": "vhash", "uuid": "ea08a08d-364b-41a2-b483-d8bee32fda15", "value": "115066655d155d055az567z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777306965", "to_ids": true, "type": "filename", "uuid": "69320217-2a09-4969-906b-46260cbbfd1f", "value": "iecqh.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777306965", "to_ids": false, "type": "text", "uuid": "a7f546cd-1d21-4553-a38c-8aa5bb1300f9", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:31/71\nFirst Submission:2026-04-24T12:08:28.000000+00:00\nLast Submission:2026-04-24T12:08:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544727", "uuid": "407bc730-5f04-4294-a19d-3c94cbc27492", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544726", "to_ids": true, "type": "md5", "uuid": "105cf80c-dd1f-4a14-9991-3147ea1cb33b", "value": "37b14e5e799323b44977e1f142ad6783", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544726", "to_ids": true, "type": "sha1", "uuid": "27830320-685f-4ae3-a2f8-046dd2c2e851", "value": "763d833bb88da0cd24312a3d4e40b9574769c2ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544727", "to_ids": true, "type": "sha256", "uuid": "79463deb-01e2-44d1-ac00-911bbc8c0936", "value": "35ffbcf51dba119a8e567fca0652f799c058749f500b8ba6c5f6b5d9b3c05608", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307029", "to_ids": true, "type": "ssdeep", "uuid": "953a54b4-d8ad-4e0c-9020-8a24939c5de0", "value": "1536:92wkTwPMFZYQ46x6Fu3DpGTHASUVjLLJBqQ5tEJsWTrdj9dl7j86QQT:9pXPMsoF3Dp+g9LLrqItqB7dY6QQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307029", "to_ids": false, "type": "size-in-bytes", "uuid": "ff71fc8c-9f03-4068-976d-ac2cb90aee77", "value": "111616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307029", "to_ids": true, "type": "vhash", "uuid": "f528e3bf-857a-4305-ac4d-c5be863af417", "value": "115066655d151d055018z5fhz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307029", "to_ids": true, "type": "filename", "uuid": "46433725-c3f7-490c-8176-fc1d226f0915", "value": "init.dll" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307029", "to_ids": false, "type": "text", "uuid": "8b3c8add-0c08-48af-ad72-4fb6527f48a5", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-20T22:48:56.000000+00:00\nLast Submission:2026-04-20T22:48:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544729", "uuid": "b527b706-e965-4c29-a450-c6129133dd6c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544728", "to_ids": true, "type": "md5", "uuid": "5e1e45fe-28b5-4bdd-a1c1-f5604a7edf44", "value": "fb709c921303fa462173b911482036bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544729", "to_ids": true, "type": "sha1", "uuid": "ca91b491-36b6-494b-beab-fabe8d204487", "value": "0b12919052cb83fab315e8ec7352d131600a0792", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544729", "to_ids": true, "type": "sha256", "uuid": "cd545567-9408-49cc-830e-be3418194a54", "value": "c9a44c6428fee879e59aa212a95c316e508b06775e2fccc690ae2acbc94493c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307050", "to_ids": true, "type": "ssdeep", "uuid": "48b12c57-f63d-4b89-92a1-04d5409447d5", "value": "3072:C68YsG7o32H1HJw4PZsilqt10qoHcnZw/giCiT:C68YsG7o+u4Pu0qLocnQVT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307050", "to_ids": false, "type": "size-in-bytes", "uuid": "2f6f3e93-32d2-4d20-9bb7-56c0a65eba8a", "value": "168960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307050", "to_ids": true, "type": "vhash", "uuid": "4baa903b-f280-4d6a-9cc7-a09a3a299d81", "value": "0150a76d1555551c0d1d1018z2431lz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307050", "to_ids": true, "type": "filename", "uuid": "9c1ddc40-60d9-4a82-a24b-815726bd729f", "value": "c9a44c6428fee879e59aa212a95c316e508b06775e2fccc690ae2acbc94493c7.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307050", "to_ids": false, "type": "text", "uuid": "4826d7ca-0400-43e9-9519-6b262d809e49", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/EvelynStealer.KX!MTB\nVT Total Detection:51/71\nFirst Submission:2026-04-20T22:53:54.000000+00:00\nLast Submission:2026-04-20T22:53:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544732", "uuid": "af5c6342-102b-47fc-9316-322ada5f2a1b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544731", "to_ids": true, "type": "md5", "uuid": "592dbc0f-9a4d-418d-a123-366e1253821a", "value": "4ba2e8b223285a7a2b2062cb2bb248ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544731", "to_ids": true, "type": "sha1", "uuid": "89007330-b2b5-4a09-9e1c-6ee22d65b204", "value": "515b0227e0da994bd393e971c9ff2ed2f679be58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544732", "to_ids": true, "type": "sha256", "uuid": "50967407-030b-4718-a476-1657d36821f8", "value": "25645b677db5541b4e78ae32ca3de17f5894ae168e1c14d8f6260a8213435ff7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307072", "to_ids": true, "type": "ssdeep", "uuid": "1d2af3eb-022d-4020-8514-5b7a90337f78", "value": "3072:yLpnewXSApGnKj7A8TVQezDZ4CHx5qV6Gl:ceg5LjESWl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307072", "to_ids": false, "type": "size-in-bytes", "uuid": "15a68ae9-f7ee-4d6d-b2c5-345c71897082", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307072", "to_ids": true, "type": "vhash", "uuid": "a5a29335-1959-4a59-90b8-8f357b7426dd", "value": "115066655d155d055018z5bnz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307072", "to_ids": true, "type": "filename", "uuid": "5449f6aa-9f8a-43e9-96db-ed833f67c663", "value": "25645b677db5541b4e78ae32ca3de17f5894ae168e1c14d8f6260a8213435ff7.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307072", "to_ids": false, "type": "text", "uuid": "fb8039ad-c8b4-408f-9e19-cf0e8ed77e0e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T22:59:51.000000+00:00\nLast Submission:2026-04-20T22:59:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544734", "uuid": "6a021b84-2d4e-453b-a033-5a5e7a16cfd4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544734", "to_ids": true, "type": "md5", "uuid": "8843afc3-2f5c-4c99-8ab9-b3a2bf49e552", "value": "7d538008e2db4e28490b23d1579e4382", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544734", "to_ids": true, "type": "sha1", "uuid": "511412d0-ce7f-4560-baeb-e7b7b29bebff", "value": "41db80dbf5211c6d9af6a90b35c527b4a82c4124", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544734", "to_ids": true, "type": "sha256", "uuid": "59568e80-4d3a-4281-be97-dc706503e39e", "value": "4013853381bb2c28ddff061b1a208e886f2b52a31073cea40e4cdb5ec431d58b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307094", "to_ids": true, "type": "ssdeep", "uuid": "d883305c-8668-4b69-b9c8-e0ad4d7eaf8f", "value": "12288:qSGuIuF0MV/VSU5s11yuTUHaaPC+6P/to0Z5Qxr:/GuNF0MV/VSU5+1yhHaaPX6P/trZ5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307094", "to_ids": false, "type": "size-in-bytes", "uuid": "36c4d2d3-05d8-4152-a330-b230f9e32185", "value": "649216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307094", "to_ids": true, "type": "vhash", "uuid": "38ad04cf-f4af-4101-8a82-3ff1a26c2214", "value": "065066655d1555155225za00ac7z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307094", "to_ids": true, "type": "filename", "uuid": "76348250-91c5-48d5-b7ae-4df55e13a2db", "value": "x4013853381bb2c28ddff061b1a208e886f2b52a31073cea40e4cdb5ec431d58b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307094", "to_ids": false, "type": "text", "uuid": "1b0ac634-ca73-4e8c-9345-ba2bee8cf959", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Remcos.GA!MTB\nVT Total Detection:55/72\nFirst Submission:2026-04-20T22:47:34.000000+00:00\nLast Submission:2026-04-21T14:02:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544737", "uuid": "d986bc40-990c-4a1c-9e01-f1a049ae3f19", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544736", "to_ids": true, "type": "md5", "uuid": "47c732ed-e034-4624-bd90-b11c9d524d42", "value": "93bcf85c325621fbe5f60fa3a21b062b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544737", "to_ids": true, "type": "sha1", "uuid": "2086af24-40d7-4d91-9c2a-31505e2af3c7", "value": "880349e655dbce699bbedb09dd7d097b7e5ca802", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544737", "to_ids": true, "type": "sha256", "uuid": "b60eb6af-e062-4efd-b4fc-d87640094cbd", "value": "4e962253eaad130a404a4920d629d881b2adc3b718ecf9d6e2544edd4ba8a4a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307115", "to_ids": true, "type": "ssdeep", "uuid": "6d548720-1b2f-4c3c-8f6c-2a352244338a", "value": "3072:w7MwDX6Nx948gY+jOOCL6lQmkYFwkeEIJzZw+dO1gyugnBz2d:47DKNZgpwWXYdJFdiwmB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307115", "to_ids": false, "type": "size-in-bytes", "uuid": "ddd81113-148b-4d5b-90a5-c6ee1f3db843", "value": "188928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307115", "to_ids": true, "type": "vhash", "uuid": "36577f88-b1dd-409b-b4f9-2869ecba8594", "value": "0150a76d1555555c0d1d1038z3c38fz13z1032z117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307115", "to_ids": true, "type": "filename", "uuid": "f5fa1634-44de-462e-b56d-41326b22e1e8", "value": "4e962253eaad130a404a4920d629d881b2adc3b718ecf9d6e2544edd4ba8a4a2.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307115", "to_ids": false, "type": "text", "uuid": "3f03b090-b3e9-424a-bef2-bbbdee75d0e7", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:49/71\nFirst Submission:2026-04-20T23:02:29.000000+00:00\nLast Submission:2026-04-20T23:02:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544739", "uuid": "51d67b1f-c253-4c5d-b2b4-187590c14268", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544739", "to_ids": true, "type": "md5", "uuid": "a35ebe23-5071-409d-b5bc-8c39a47a8d21", "value": "642546cdeb9cffd081c1f9d61bf89f79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544739", "to_ids": true, "type": "sha1", "uuid": "4dbb1da1-2e3a-4bfc-9444-c0ee2837acfb", "value": "e96766380848272226b4e942f5c20793198501c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544739", "to_ids": true, "type": "sha256", "uuid": "5092a44e-84f0-4ef8-b28a-af2f73af48df", "value": "bc53ce4bcea856eb3d03b0367dd2342b879a00491e7d5992716eaa421f32adb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307138", "to_ids": true, "type": "ssdeep", "uuid": "b7751cee-6b3d-45ce-b65a-b5d763ef8d80", "value": "3072:5g4MwulKXezak9QbNOkzviKtEAOjzJoyfm2GgzskZpgyzfWHRzT9aiD8HEGx:6jAXIMNOkzvhtPL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307138", "to_ids": false, "type": "size-in-bytes", "uuid": "e15aadea-4725-4bee-b2fd-aed6a05a77b9", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307138", "to_ids": true, "type": "vhash", "uuid": "a04593ef-a39b-4858-91f4-5a4bb83efc7c", "value": "115066655d155d055az557z2095z13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307138", "to_ids": true, "type": "filename", "uuid": "dcebc6d1-0604-4245-8874-0cec37c9cd73", "value": "bc53ce4bcea856eb3d03b0367dd2342b879a00491e7d5992716eaa421f32adb2.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307138", "to_ids": false, "type": "text", "uuid": "9fe7f586-ef02-450e-837f-79401b090b3c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-20T22:48:18.000000+00:00\nLast Submission:2026-04-20T22:48:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544743", "uuid": "49d22f4b-6fbd-4226-a23f-17d9f658c4ec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544742", "to_ids": true, "type": "md5", "uuid": "a2d31ffb-eb14-48ec-be7e-2309a7ba9429", "value": "744ff1d49d322301c5558bb359651399", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544742", "to_ids": true, "type": "sha1", "uuid": "49a54a20-7844-41b0-b769-5b9823221c47", "value": "a1002398fd47d8081b6053cb42fe81aaccae0eea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544743", "to_ids": true, "type": "sha256", "uuid": "1a53a8cd-240c-4044-84f0-7bd5e30ee3a9", "value": "c61c5222e298bf632c0f701da32d74c1e2830a56e1baef37cfb8d212540c516b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307159", "to_ids": true, "type": "ssdeep", "uuid": "66b0aec0-96cd-4af0-b428-35215485b08d", "value": "768:5jrnY4DfiwCPcJ50guqZI9x7FWPr9Q55OwhHanHlg:l5Oc50gWFS9Q55OwlGHlg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307159", "to_ids": false, "type": "size-in-bytes", "uuid": "f2c3abbc-f5a1-4d8c-a3e6-9a35d0345e5c", "value": "39936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307159", "to_ids": true, "type": "vhash", "uuid": "0b74ac0f-7747-46e1-9738-837a0f1829c6", "value": "234036551511707a2d111020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307159", "to_ids": true, "type": "filename", "uuid": "b03f2273-4c19-4754-89d8-5b11b321c3fe", "value": "Windows Defender.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307159", "to_ids": false, "type": "text", "uuid": "b2964f37-0d57-4679-bc0b-c76364358814", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:59/71\nFirst Submission:2026-04-20T22:49:05.000000+00:00\nLast Submission:2026-04-20T22:49:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544744", "uuid": "ea7c1d1c-c0f1-40f3-9c5c-c6a41aa0abb6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544743", "to_ids": true, "type": "md5", "uuid": "6b125239-1ab3-4ddf-8410-55610e35214b", "value": "f5f1cda9d4b86be491a647dc3f274e7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544744", "to_ids": true, "type": "sha1", "uuid": "3959d8ea-775a-4f27-bcdc-0df7136ec727", "value": "76bb8b2470d354a4a70e54f3773b37d3994e397e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544744", "to_ids": true, "type": "sha256", "uuid": "3ae07dc0-516c-4f6d-9c69-994b0ed191a1", "value": "ae49f4fc113c4b1cfdcc748142be7e6a64bf0b24d8316a54b43a3aaa4fa11145", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307181", "to_ids": true, "type": "ssdeep", "uuid": "3bc0769c-34ff-4e29-8de6-23f92dee4ee9", "value": "1536:Im/sPgvOJChCtYIXdzIAZcLFqhbMb+KR0Nc8QsJq39:5kP8hCtxdzIIc8hbe0Nc8QsC9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307181", "to_ids": false, "type": "size-in-bytes", "uuid": "e8eaad1a-21c3-4d67-af50-9f002e1d68f2", "value": "73802" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307181", "to_ids": true, "type": "vhash", "uuid": "c7e6f027-7a3a-41a0-88d8-3d3449b5d455", "value": "074046755d151028z2e32tz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307181", "to_ids": true, "type": "filename", "uuid": "476758f0-471f-4789-bd95-064d4741ed3b", "value": "ab.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307181", "to_ids": false, "type": "text", "uuid": "d2e51577-0ef1-4f3e-80b0-8edc2031e2d4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Meterpreter.O\nVT Total Detection:63/72\nFirst Submission:2025-09-12T15:38:22.000000+00:00\nLast Submission:2025-09-12T15:38:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544747", "uuid": "3052accf-15f4-4ede-972b-ca2f9aaeaca9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544746", "to_ids": true, "type": "md5", "uuid": "6ad6d7b3-8b94-4816-8442-99db97b04b16", "value": "0094269dbc63e8528e8ad13996910c38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544746", "to_ids": true, "type": "sha1", "uuid": "641553d4-a46d-42e2-b9e4-bcb015170514", "value": "e6828778602d87aa06e0cc758b6a760b198b5875", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544747", "to_ids": true, "type": "sha256", "uuid": "1f049c71-b12f-4c3d-b47e-d23af6140b5c", "value": "e43f17c314b55fd5cb523284ee2f132942c9a4dc28e917acd67c16901135586e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307203", "to_ids": true, "type": "ssdeep", "uuid": "9cf52cbc-82cf-453b-b5e4-545c757b0eb2", "value": "3072:qj7FEVRoWiGqsGQbXAL/QiY72GWwD80p5wCDvmXT7RLyzfWC+YmSO/2nePGyufbb:q9ELobqGMXAL/DYUkt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307203", "to_ids": false, "type": "size-in-bytes", "uuid": "3ca64430-3222-4209-83b1-54e51d9b7f32", "value": "105472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307203", "to_ids": true, "type": "vhash", "uuid": "db6df021-d3f4-4d03-9dfc-410306e3715e", "value": "115066655d155d055048z4c7z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307203", "to_ids": true, "type": "filename", "uuid": "13fd0e80-dcb8-45c2-9acc-0f87853afc6f", "value": "e43f17c314b55fd5cb523284ee2f132942c9a4dc28e917acd67c16901135586e.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307203", "to_ids": false, "type": "text", "uuid": "9ce921b4-025d-4c22-9efc-4aaec2e31394", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:43/71\nFirst Submission:2026-04-20T22:49:52.000000+00:00\nLast Submission:2026-04-20T22:49:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544749", "uuid": "e60edc5b-fe22-46ab-8f83-b1b34a6040fe", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544749", "to_ids": true, "type": "md5", "uuid": "e650c967-728e-4253-a25b-26a87bf5ec30", "value": "30cb81dde3bf852c181f070e3151478d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544749", "to_ids": true, "type": "sha1", "uuid": "5fd6ebfd-f2f8-4c09-9aca-8fbe61e1145a", "value": "29f48866e8e48783b65066c85f59f49a90d3eb89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544749", "to_ids": true, "type": "sha256", "uuid": "218e8242-475d-4a6d-b37c-f8f78bf7a5ec", "value": "3cdb760342bc041252efe74188ba8b106b10484a3638b0a2d33830016611a2c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307224", "to_ids": true, "type": "ssdeep", "uuid": "2c2bac2f-b013-4079-93e6-2d33314b6282", "value": "3072:9dgy+H5TrW9XplYiRXx/ANtqBzU23TBiMrWQ:1+ZXWJZRh/ldDB1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307224", "to_ids": false, "type": "size-in-bytes", "uuid": "6c83d274-3988-4aa5-b05c-bde191fe34e4", "value": "112128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307224", "to_ids": true, "type": "vhash", "uuid": "21aa3ccd-d366-4854-881b-a6a6658f3001", "value": "115066655d151d055018z5fhz13z41z49z10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307224", "to_ids": true, "type": "filename", "uuid": "ca2bc0e7-f952-47c5-b46c-37f40f723726", "value": "3cdb760342bc041252efe74188ba8b106b10484a3638b0a2d33830016611a2c8.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307224", "to_ids": false, "type": "text", "uuid": "e79155f9-1979-448f-8592-305c5b9e523f", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:30/72\nFirst Submission:2026-04-20T22:50:16.000000+00:00\nLast Submission:2026-04-20T22:50:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544752", "uuid": "c5a7dd12-de0a-4d55-aaa1-5ee74a482989", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544751", "to_ids": true, "type": "md5", "uuid": "b07e025b-0a2e-4ee7-8565-83aa8e0130a9", "value": "2e4fd5a58c60d1591bc4f27df78991f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544752", "to_ids": true, "type": "sha1", "uuid": "60a52694-f41d-46da-b73f-a304a4a3342a", "value": "08dfd54f21115b88f2f706818b856ef553932d91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544752", "to_ids": true, "type": "sha256", "uuid": "7e916991-d4d1-4e4c-b40a-87544ff78f9f", "value": "ce64e0d852b4e48a26aa0ac4c1840bb861c1d51cbac95387473bc7b63ac1bb0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307246", "to_ids": true, "type": "ssdeep", "uuid": "e2de82ee-dbad-45d4-bbbf-da65ccea2803", "value": "3072:DFrShv3i1ulGvwQbgQ8tW+u+3Z4Cv2GWwD80p5wCDvmXT7RLyzfWC7PlCqHZkWEI:DEhfi1s3MgQ8thIL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307246", "to_ids": false, "type": "size-in-bytes", "uuid": "3da10719-1468-488a-aed1-9f737b02ff1c", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307246", "to_ids": true, "type": "vhash", "uuid": "f4812ff3-3531-4b18-873c-72c11f8acebf", "value": "115066655d155d055018z599z9bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307246", "to_ids": true, "type": "filename", "uuid": "d99f21cc-a5b0-4fcb-99f1-bb4b0c2cdbae", "value": "ce64e0d852b4e48a26aa0ac4c1840bb861c1d51cbac95387473bc7b63ac1bb0f.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307246", "to_ids": false, "type": "text", "uuid": "19c7cce0-4dbb-4bdc-9b9c-a3f30e500533", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:26:37.000000+00:00\nLast Submission:2026-04-20T23:26:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544755", "uuid": "bef0c99b-40dc-4053-a574-e4f5734b8307", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544754", "to_ids": true, "type": "md5", "uuid": "a4266710-a65a-4817-af03-085b998749d5", "value": "d26e7e8e6072f68c9de6878a4c8f68a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544754", "to_ids": true, "type": "sha1", "uuid": "359c839b-34fd-40fb-9646-e6ac79d87307", "value": "d67b45b61929bd68497b2b43ed611484d6f9abdd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544755", "to_ids": true, "type": "sha256", "uuid": "22596a40-1589-4a34-8368-bc4799a9b2ca", "value": "d4fd4b65aea6fdd1968fd59046265a5d636f58309c28e12044a3abf145014f78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307268", "to_ids": true, "type": "ssdeep", "uuid": "be39e389-53eb-4f3b-8a6e-f83cdceb9767", "value": "3072:T37gaO81xEMdLAf7Hbw/uZsIV1dJqckVPxIiTGwWfg1:1OWNm7H0OVoyg1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307268", "to_ids": false, "type": "size-in-bytes", "uuid": "884f29e4-dca7-4ac5-8023-24d300b19d21", "value": "115200" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307268", "to_ids": true, "type": "vhash", "uuid": "65fa5449-e6fe-4a1c-8ba2-e334b684f18c", "value": "115066655d151d055088z597z2095z13z51z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307268", "to_ids": true, "type": "filename", "uuid": "4055ef66-c911-4c4e-9626-f55673d2c51d", "value": "d4fd4b65aea6fdd1968fd59046265a5d636f58309c28e12044a3abf145014f78.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307268", "to_ids": false, "type": "text", "uuid": "87131718-cfcf-4ddb-96d2-7fb054f9304a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:46/71\nFirst Submission:2026-01-15T06:04:21.000000+00:00\nLast Submission:2026-01-15T06:04:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544757", "uuid": "4fef9a6a-f02a-468f-ae41-66573047deb1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544756", "to_ids": true, "type": "md5", "uuid": "8fcfc6f8-f228-4a3b-bf7f-ca5d17ea87be", "value": "76e566a492f899ec9d937c20ac1d5049", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544757", "to_ids": true, "type": "sha1", "uuid": "9d0cc171-3e9f-4b4e-9411-06d3a9e0772f", "value": "2085ecfda95a25a235e558fa6e786d105bf9fea4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544757", "to_ids": true, "type": "sha256", "uuid": "158e3a57-40e6-4dcd-820b-83b87b5fc42f", "value": "e45f4d649d694882af1817d65a15654b0ca49b109047c26ad6e5de19966cf51c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307289", "to_ids": true, "type": "ssdeep", "uuid": "68959085-a4d8-4d17-93f4-ced53f23b8cc", "value": "3072:0lbNPzHPB/+WGPlQb6Ab7y35oyfm2GgzskZpgyzfWHDrB7ijPGyuIWCmvVyHPvGt:YHZ/LWM6Ab7kZMBm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307289", "to_ids": false, "type": "size-in-bytes", "uuid": "a0cabfd1-ced7-4673-a446-d6c3539d4705", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307289", "to_ids": true, "type": "vhash", "uuid": "921c56bf-f675-4ea0-adb1-76cfe1aa7c01", "value": "115066655d155d055048z517z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307289", "to_ids": true, "type": "filename", "uuid": "1ef22b35-838f-47a4-89cf-853cea0cbbd9", "value": "e45f4d649d694882af1817d65a15654b0ca49b109047c26ad6e5de19966cf51c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307289", "to_ids": false, "type": "text", "uuid": "c07e188c-40c0-47af-a642-151647de3400", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-20T22:46:19.000000+00:00\nLast Submission:2026-04-20T22:46:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544760", "uuid": "3fb384ea-4ab3-4c38-a455-bc2bf63d4e9d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544759", "to_ids": true, "type": "md5", "uuid": "40c60a18-2b4f-4613-b650-4a435da4b15d", "value": "f939381f2c65f068b5ad98c89bcc08c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544759", "to_ids": true, "type": "sha1", "uuid": "d2883039-08a6-4685-8733-63e713b0b4ac", "value": "2e759123e6dc6d3274eb9eb26ea2605d37ed8dd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544760", "to_ids": true, "type": "sha256", "uuid": "c943a2dc-c3ee-4771-80fe-9cfecf6c8024", "value": "1cde2ae1a6ee52afc43f19279ea1a345510ed148822e6fc3960867f03ae5228b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307311", "to_ids": true, "type": "ssdeep", "uuid": "52a11c2e-34cb-4038-a813-82a9e3feec5f", "value": "3072:+2pXzx5iu/sWZGaBQbiAKhO2NoAOjzJoyfm2GgzskZpgyzfWHRzR9aiDUYcS:+Szx87UnMiAKhdfkS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307311", "to_ids": false, "type": "size-in-bytes", "uuid": "7920b721-ddb1-450e-b795-be060e915573", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307311", "to_ids": true, "type": "vhash", "uuid": "f1b84eea-6fa9-4c7a-b218-8f5b02618de3", "value": "115066655d155d055az567z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307311", "to_ids": true, "type": "filename", "uuid": "b4feb609-3b03-4e3e-8993-cd0770c99a52", "value": "1cde2ae1a6ee52afc43f19279ea1a345510ed148822e6fc3960867f03ae5228b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307311", "to_ids": false, "type": "text", "uuid": "dbef5e90-dc10-42d3-ba40-a0c60f67cd0b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:39/71\nFirst Submission:2026-04-20T22:46:43.000000+00:00\nLast Submission:2026-04-20T22:46:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544762", "uuid": "050d44a2-3aaa-4e4c-80f8-2d09841e0521", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544762", "to_ids": true, "type": "md5", "uuid": "5e00a910-100f-46ae-86c4-3cc63be79b1e", "value": "b55b7bbd3839add149cfefd5174216b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544762", "to_ids": true, "type": "sha1", "uuid": "3a4f938e-10db-4faa-858b-3c74305f6fb0", "value": "f3d19dc1e66e0f68b0354f30cbcfdab40e36b55c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544762", "to_ids": true, "type": "sha256", "uuid": "031e9f53-ec45-48bf-b9ba-db641707382b", "value": "d9401240286730bce910dab1b50569790f75247bf8398f4297cf2b3a77a3236b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307333", "to_ids": true, "type": "ssdeep", "uuid": "3ffe2aa8-33ae-491d-8405-8590ce3e654f", "value": "3072:/PBNWmctmyGjsQb6QgGk/Rw/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWCMm1F:hNDctLLM6QgGerV7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307333", "to_ids": false, "type": "size-in-bytes", "uuid": "66e78f2e-2f90-47d9-800b-5846f03aa415", "value": "107520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307333", "to_ids": true, "type": "vhash", "uuid": "256bc029-80fe-4709-a6f9-4636ae6733c0", "value": "115066655d155d055018z597z209bz3ez3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307333", "to_ids": true, "type": "filename", "uuid": "61d140a7-849d-426e-9af7-f0839c30ac1f", "value": "d9401240286730bce910dab1b50569790f75247bf8398f4297cf2b3a77a3236b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307333", "to_ids": false, "type": "text", "uuid": "92b5b9c8-7a44-4ca8-8b8a-dca284ff6420", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:31:32.000000+00:00\nLast Submission:2026-04-20T23:31:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544765", "uuid": "01d82104-b5f0-4e5d-acee-012733fdf729", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544764", "to_ids": true, "type": "md5", "uuid": "54223422-7a24-463a-8cf4-2aec4c4a286e", "value": "53c9c2eb086fe4601a2fe68885d07382", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544765", "to_ids": true, "type": "sha1", "uuid": "c9473511-a26d-465b-a712-3c56db037376", "value": "c83b7a59406f837f47e37699f44ff8bc5de06179", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544765", "to_ids": true, "type": "sha256", "uuid": "07e8189a-060d-4f10-b36a-81cabdc62bed", "value": "c84fe6f7f5daecb3a28fb2c7f30e427ae31c8f56895e20f22526c8a21c264fc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307355", "to_ids": true, "type": "ssdeep", "uuid": "0df157ab-5ef9-4a4d-8c09-e2b1d4cc01a4", "value": "3072:4iAlEjbNhpPnvgCBhhVQezDZ4C9x5q9EG:AlcrtgyRo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307355", "to_ids": false, "type": "size-in-bytes", "uuid": "dc1166e1-d376-4d7c-b62c-d763df93c749", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307355", "to_ids": true, "type": "vhash", "uuid": "4774e197-8a43-4a96-9c18-7a18b0b432d3", "value": "115066655d155d055018z5bnz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307355", "to_ids": true, "type": "filename", "uuid": "3751231b-db6f-4934-a057-b0c61ea70f07", "value": "c84fe6f7f5daecb3a28fb2c7f30e427ae31c8f56895e20f22526c8a21c264fc8.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307355", "to_ids": false, "type": "text", "uuid": "d73be228-2901-43ac-a5ba-ad2d2ddfff41", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:32:38.000000+00:00\nLast Submission:2026-04-20T23:32:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544768", "uuid": "45e1a7e6-2b77-4103-a847-ad2a5c76a2cd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544767", "to_ids": true, "type": "md5", "uuid": "2f72e195-fc1a-40ca-8df4-61209ada1668", "value": "fcbf40449e5c67d3a16fd6aad629cb31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544767", "to_ids": true, "type": "sha1", "uuid": "b429f34c-94dc-409d-b66b-5f8de08cf1a9", "value": "c49fb02ce7912501009c84ea0fafdde58c2294f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544768", "to_ids": true, "type": "sha256", "uuid": "ce3b7b97-73bf-488b-9cf5-b83a3698b61d", "value": "1dab18df9509122bf317e7a2e65374611098928b3a72348ebca362d71410cbb1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307376", "to_ids": true, "type": "ssdeep", "uuid": "897d4ab0-6829-4084-8712-2d4b3a527263", "value": "3072:iLTXxQHNopvHzzSgGyVQezDZ4C/x5qVnV5K:WxA6VzXL85" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307376", "to_ids": false, "type": "size-in-bytes", "uuid": "a2b34763-10f6-47fd-8c43-1a44500b6091", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307376", "to_ids": true, "type": "vhash", "uuid": "0c5c67e2-8be9-4169-ae3b-3cc2ec060781", "value": "115066655d155d055018z5bnz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307376", "to_ids": true, "type": "filename", "uuid": "13cd0504-b096-478f-9c67-d432b77c09b9", "value": "1dab18df9509122bf317e7a2e65374611098928b3a72348ebca362d71410cbb1.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307376", "to_ids": false, "type": "text", "uuid": "4a067873-c636-4680-b366-10d098599607", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:35:13.000000+00:00\nLast Submission:2026-04-20T23:35:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544770", "uuid": "5ca8278f-4e03-44a2-8724-be0e087bd391", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544770", "to_ids": true, "type": "md5", "uuid": "037f9d4c-5aa0-471c-afef-05fdd6885dd8", "value": "754c39dcc52aedce4f482f103a9da22e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544770", "to_ids": true, "type": "sha1", "uuid": "b0227143-9bf5-4129-8a26-94f5ab10dedc", "value": "82a4b8a663e72c241becabd1807ed7f4471b736f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544770", "to_ids": true, "type": "sha256", "uuid": "7b52b29e-672c-46fb-b481-4a5823cbba9f", "value": "e41848d3ec6aebb34cd634bea9b7d096fb287910b65b5b9c5c0975592958a716", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307398", "to_ids": true, "type": "ssdeep", "uuid": "8edf8a3a-fe36-45a2-9379-4c33a7d781d7", "value": "3072:kx1oll4YSI2bdOASdo5Xj+ZsIV1dqO5NEWXc:w0lLeAdoZKVL5GKc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307398", "to_ids": false, "type": "size-in-bytes", "uuid": "b4d75b23-0f23-4e1b-830f-d0f4c7e8cf64", "value": "114688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307398", "to_ids": true, "type": "vhash", "uuid": "864477d3-feb5-4b2a-885a-744c27e7a3b5", "value": "115066655d151d055088z597z2095z13z51z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307398", "to_ids": true, "type": "filename", "uuid": "1cf75067-7479-40d9-8f14-00ec14aa47bb", "value": "e41848d3ec6aebb34cd634bea9b7d096fb287910b65b5b9c5c0975592958a716.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307398", "to_ids": false, "type": "text", "uuid": "18b7c89b-a269-4156-a2e1-78a0376a4003", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:47/71\nFirst Submission:2026-04-20T22:45:24.000000+00:00\nLast Submission:2026-04-20T22:45:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544773", "uuid": "249c2c12-a3bf-4d7b-922d-2418a474e77e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544772", "to_ids": true, "type": "md5", "uuid": "333a7625-97a9-4c7b-88bc-81b5924fd012", "value": "c9b61fc76f9b36189751bbf07839fcaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544773", "to_ids": true, "type": "sha1", "uuid": "fc1a4779-633b-4a10-b437-2da1f7f5fd6c", "value": "4f10e9e187c1d1e08f67c1da9657198a55d5229f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544773", "to_ids": true, "type": "sha256", "uuid": "fc43a91d-aabc-49b4-ba1f-52c534ea0e1e", "value": "7eccb6a38742dac9dab5d9d00750c8173ba0a7ad5fc6962a3126599cab0993ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307420", "to_ids": true, "type": "ssdeep", "uuid": "603407ed-239b-4898-b7d2-331c7de1cd92", "value": "12288:yTJ+sHD4pxOohSMjldNkdplY6IQFpP/mJ10b1:yTEsj4pxfNjljkvMQFpP+X05" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307420", "to_ids": false, "type": "size-in-bytes", "uuid": "ba41dc18-09d8-4071-913f-4a31589f8a65", "value": "628736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307420", "to_ids": true, "type": "vhash", "uuid": "fe089541-cdbf-4672-b9d8-f2cf84d2aeeb", "value": "0650a76d1565555c0d5d1098z5222zf3z3023z1lz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307420", "to_ids": true, "type": "filename", "uuid": "16128a4e-efba-4077-89df-061b38eb7d4b", "value": "7eccb6a38742dac9dab5d9d00750c8173ba0a7ad5fc6962a3126599cab0993ca.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307420", "to_ids": false, "type": "text", "uuid": "d421bf1c-fbcb-4f95-82cf-6825e874c543", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:31/71\nFirst Submission:2026-04-20T22:43:04.000000+00:00\nLast Submission:2026-04-23T04:59:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544776", "uuid": "3ea5a722-e941-47fd-8870-76871f010c94", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544775", "to_ids": true, "type": "md5", "uuid": "8f58bf02-486c-4b05-a101-d4eeb49babbf", "value": "e0980726d10e2424544a01c1244222a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544775", "to_ids": true, "type": "sha1", "uuid": "5e92ee0e-87ac-40c1-8a21-6ed60d3212bf", "value": "02acf674338b93af87b4a3c1281e67b6c9c7abeb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544776", "to_ids": true, "type": "sha256", "uuid": "c2ce3692-e45c-4061-b1d4-7f5c5858be09", "value": "c086065da56bda3b3654003d541b44f9721baec9894066768447d6c3841504ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307441", "to_ids": true, "type": "ssdeep", "uuid": "3ffa2d3a-a612-4c6a-a72d-e2895b5278a5", "value": "12288:a6pxxGI8gvGOHJpAbDYGxLhZ+sPZtUmPFN:a6pxxx8U+bDYGxLhZtZ9PF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307441", "to_ids": false, "type": "size-in-bytes", "uuid": "93bdd2de-a0b6-42ac-ad7e-f3ba1cab090e", "value": "507392" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307441", "to_ids": true, "type": "vhash", "uuid": "cb819434-d909-418e-b129-c251f63d43db", "value": "055056655d15156225za00a87z37z403022c1z40a117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307441", "to_ids": true, "type": "filename", "uuid": "ddb0a46e-3940-4bf8-a9a6-81d03912f30b", "value": "_c086065da56bda3b3654003d541b44f9721baec9894066768447d6c3841504ab.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307441", "to_ids": false, "type": "text", "uuid": "6716aac6-02ae-418d-a274-0f1a6868cdac", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Remcos.GA!MTB\nVT Total Detection:62/72\nFirst Submission:2026-04-20T22:44:06.000000+00:00\nLast Submission:2026-04-20T22:48:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544778", "uuid": "ded794f1-f2ce-479f-8e46-866549375fd9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544777", "to_ids": true, "type": "md5", "uuid": "31b66700-71d6-47b2-b1ed-26002fe0fd0c", "value": "7ebeb95d6977e60fdb8eb52ec47fa578", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544778", "to_ids": true, "type": "sha1", "uuid": "6e40fb86-1394-4552-9e2e-76b1d3113cd3", "value": "fcb45e37241a8859d32d19b4fa31411e2e9f9128", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544778", "to_ids": true, "type": "sha256", "uuid": "3b15f08a-740f-4af4-8942-7eaf89bc8503", "value": "d1dfdf2ccba9e5c48800f8ad3509c739e32496e881a97297ea31778fcbaeb3a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307463", "to_ids": true, "type": "ssdeep", "uuid": "3ac4ecd9-fd02-45b5-92ff-175e72992aa7", "value": "3072:6/QVhC/k3vkUwkyPgWpgX6Y1pNMiKsW7Qp91ndS+Bx/XyWgVhFl0nM2d:6oC/ocGUhYZ7KsW8ppFZtMh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307463", "to_ids": false, "type": "size-in-bytes", "uuid": "973cc375-eb70-4f89-8b17-5067255175b5", "value": "201216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307463", "to_ids": true, "type": "vhash", "uuid": "06be9ea8-7044-49a7-b1be-67dd44b99182", "value": "0250a76d1555555c0d1d1038z3c3afz13z1032z117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307463", "to_ids": true, "type": "filename", "uuid": "59ca852e-d5a7-4c7c-b2fd-a617237ebb80", "value": "d1dfdf2ccba9e5c48800f8ad3509c739e32496e881a97297ea31778fcbaeb3a1.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307463", "to_ids": false, "type": "text", "uuid": "7306908e-ab1b-4aad-b7dd-72533707a2f4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/BroPass.AH!MTB\nVT Total Detection:51/71\nFirst Submission:2026-04-20T22:44:30.000000+00:00\nLast Submission:2026-04-20T22:44:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544781", "uuid": "5d8cdc0c-57f1-4c26-83ed-aabbd556f20a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544780", "to_ids": true, "type": "md5", "uuid": "1eba6dd3-fe8c-4cf1-bc10-d53ca063c9eb", "value": "0482525721e47a8b20e05383eda6422d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544780", "to_ids": true, "type": "sha1", "uuid": "723e2470-938e-4657-85d3-14e7ccc0a6cc", "value": "d0214f74be687453b062b96c88a98610b151002f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544781", "to_ids": true, "type": "sha256", "uuid": "98e7af8c-f275-4070-ba7b-a1b53635eebf", "value": "9e7a53f3764e9b8d3c0d214ac0412c0883188085c573a5d0442af6e368bf15cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307485", "to_ids": true, "type": "ssdeep", "uuid": "533f15d5-0f3a-49e6-ba95-165fc7d29df5", "value": "6144:skgFoNhTCxqsBkvpecbL+17lQAN87SZ+VDzXbZCTCkQgETj9PVAQ+y:sDFEhTCxZkgcmgAN8G6DzQCHjwTy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307485", "to_ids": false, "type": "size-in-bytes", "uuid": "00c5a8c8-a502-4e55-ac7a-8ba905c63acb", "value": "369664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307485", "to_ids": true, "type": "vhash", "uuid": "30b297dd-9314-4b82-bde4-34bbcec5da5a", "value": "23503665551380833ffe519171d85" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307485", "to_ids": true, "type": "filename", "uuid": "f4f14cfa-9a25-461e-af56-edaa4b658597", "value": "GRAPHISOFT ArchiCAD 27 Build1" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307485", "to_ids": false, "type": "text", "uuid": "78f17dd3-1581-49fa-90c1-ea9f6906cc6d", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Quasar.GG!MTB\nVT Total Detection:55/72\nFirst Submission:2026-04-20T22:44:52.000000+00:00\nLast Submission:2026-04-20T22:44:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544783", "uuid": "bcb301b8-adec-4ca9-9db7-585ec311e9d6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544783", "to_ids": true, "type": "md5", "uuid": "f230fcb3-2587-4d75-90c7-235231eb875f", "value": "0df125c0bf80fff484b7aac57a5bb0ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544783", "to_ids": true, "type": "sha1", "uuid": "799bef45-0578-43b0-8a85-3f9e83964ccf", "value": "53cb2eaf53a080c4d3797301cabc777be6de9445", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544783", "to_ids": true, "type": "sha256", "uuid": "3f8fadd4-7edb-4e1d-b049-cf76973ebdf8", "value": "09d1865e49d95d190175dc9e77dd3fb745216fa3eec1172bee66bef86b9c65fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307506", "to_ids": true, "type": "ssdeep", "uuid": "ed40b0cc-a9dd-4497-9b4c-ca2b7c7ae6c2", "value": "3072:Jj9Xf3irLrXJpuYmc0m9zsvE9by3EBKD:VB3OfZAcXFDBI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307506", "to_ids": false, "type": "size-in-bytes", "uuid": "c241303a-377d-4184-b3aa-94b220a0376c", "value": "109568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307506", "to_ids": true, "type": "vhash", "uuid": "78b222d5-45af-47de-b4b6-1ea20ea1ac60", "value": "115066655d155d055018z5d7z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307506", "to_ids": true, "type": "filename", "uuid": "184068dc-4c3f-434c-ada2-9bacad5de859", "value": "09d1865e49d95d190175dc9e77dd3fb745216fa3eec1172bee66bef86b9c65fc.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307506", "to_ids": false, "type": "text", "uuid": "88110005-70fc-4437-abfd-5b739d3d62d0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T22:43:36.000000+00:00\nLast Submission:2026-04-20T22:43:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544786", "uuid": "f23d25dd-fe95-47d0-b748-d7ed578fdae6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544785", "to_ids": true, "type": "md5", "uuid": "309e65ce-1a60-488c-84f4-1b6eaa56d5ed", "value": "79b5672961c8f1c954e42060bab2fdd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544785", "to_ids": true, "type": "sha1", "uuid": "f9e2ae90-a82f-4582-9251-2fef8d54f6bb", "value": "fd204f76b86138eaeab379c6f728d4987a9bc66c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544786", "to_ids": true, "type": "sha256", "uuid": "55532a9e-8cf3-4663-ae0e-4aa277cf4aa5", "value": "766d884d44b72629336e158a267fbb3f56103c7e739314061b9ecd4b7c68c091", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307528", "to_ids": true, "type": "ssdeep", "uuid": "2a51620f-77a5-4a83-8a61-416ca30b5fbd", "value": "6144:rmHW57CaUiS+jKnkT26KVurHy5iZM2j+uhGA:S+C5FFkKtxgpYA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307528", "to_ids": false, "type": "size-in-bytes", "uuid": "62ec9552-d597-4ce7-af9c-b3b486bd3f04", "value": "238126" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307528", "to_ids": true, "type": "vhash", "uuid": "814e250c-56e0-4833-9a6d-2440ef7a6dd2", "value": "1251376d1515151c051d1az180elz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307528", "to_ids": true, "type": "filename", "uuid": "fa0c52ad-fce6-4216-939c-4c7a232b1fc8", "value": "7wdbk6mq.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307528", "to_ids": false, "type": "text", "uuid": "b66d7a9d-e7b0-4823-b449-6baedfb9bb76", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:21/71\nFirst Submission:2026-04-25T14:08:24.000000+00:00\nLast Submission:2026-04-25T14:08:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544788", "uuid": "688f0755-1697-4375-b00c-5e31c4e4667e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544788", "to_ids": true, "type": "md5", "uuid": "a4ac00da-6473-43d7-aa31-c9c2cff245fd", "value": "e66058ca8e6b05aa766ada6b4599be47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544788", "to_ids": true, "type": "sha1", "uuid": "c8511252-e346-474b-987d-d9f3678ab692", "value": "3eee2641e54694d4e437e4bf517f1683748349fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544788", "to_ids": true, "type": "sha256", "uuid": "995f8aba-0429-4a4f-b2a1-bc26731c9eae", "value": "a76cde194a75c015813ff92a2e2ad809b0be10b72b0ec1209d14187b3434ad62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307571", "to_ids": true, "type": "ssdeep", "uuid": "d421478c-8eea-4e3a-9b9e-f58cb16e90b6", "value": "6144:jSWZ7CaMVS+QKnkZ28KVu/HyeiZ62j5yd7A:FC5UgkcrJBPYA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307571", "to_ids": false, "type": "size-in-bytes", "uuid": "3e91c66e-cd98-40f8-9b86-919e7760c022", "value": "238639" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307571", "to_ids": true, "type": "vhash", "uuid": "97284f16-9f0a-4b9d-85d6-7593640aad79", "value": "1251375d1515151c051d1az180elz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307571", "to_ids": true, "type": "filename", "uuid": "0e6bfde8-5ade-489d-8137-c746a9a9a3b2", "value": "a76cde194a75c015813ff92a2e2ad809b0be10b72b0ec1209d14187b3434ad62.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307571", "to_ids": false, "type": "text", "uuid": "0d5dfed2-547e-4483-a72c-0e888126f906", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-20T23:19:47.000000+00:00\nLast Submission:2026-04-20T23:19:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544791", "uuid": "11ce3929-8ab4-45ad-8e6f-ddcc893768a7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544790", "to_ids": true, "type": "md5", "uuid": "cfdec8ca-21c5-4026-9cae-fd242020321d", "value": "e6dc4c0e5774d69777767fc466709a15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544791", "to_ids": true, "type": "sha1", "uuid": "46603400-9cf1-4269-b42a-123d7fe408d0", "value": "1eee3944d63d4a71594d70c2549b9beb955d085f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544791", "to_ids": true, "type": "sha256", "uuid": "fa3bdeb5-0789-4f23-8164-7a7ea7a12d6c", "value": "936eedf75cb2d53d90dfd3c5f7faab94f63901a06df96d6c483b9d4d6c7613bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307592", "to_ids": true, "type": "ssdeep", "uuid": "93b8c081-0211-4771-9640-701d7285d7b4", "value": "6144:X7CawJ7S+YbKnk92XKVuvHyIiZE2j7b7M:LCNJejGk46lH5PM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307592", "to_ids": false, "type": "size-in-bytes", "uuid": "839dd0f6-d674-405b-9088-7bd92cec9a10", "value": "241069" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307592", "to_ids": true, "type": "vhash", "uuid": "43e78b1d-cee7-4651-b513-57ef76de0e53", "value": "1251375d1515151c051d1az170e5z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307592", "to_ids": true, "type": "filename", "uuid": "8c1bf1b1-cbe7-4c8e-a244-838690419e5a", "value": "vfq1c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307592", "to_ids": false, "type": "text", "uuid": "ff951613-5c65-4ea3-9c94-631337fd2813", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:39/71\nFirst Submission:2026-04-23T09:10:49.000000+00:00\nLast Submission:2026-04-23T09:10:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544794", "uuid": "5792daf1-32a0-4375-985d-6eacc2aaafb1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544793", "to_ids": true, "type": "md5", "uuid": "ff739ee2-1ff4-47a3-9bfd-3b3255d3bbfd", "value": "9b19d970ca83099a06e857e77f701930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544793", "to_ids": true, "type": "sha1", "uuid": "0885425f-f07a-40e4-8327-4fd89f68d77b", "value": "da9c84476f7580542529f04135c9db2bcf775dff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544794", "to_ids": true, "type": "sha256", "uuid": "32c1d73a-3a0b-47c0-af50-ace6e1bc514f", "value": "5e401e6acce66f5010cca2b1cb4ac05c7a927df03aa021178e012af12639a041", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307635", "to_ids": true, "type": "ssdeep", "uuid": "29b77e32-9c59-4449-8f74-621d08ab3e85", "value": "196608:JHxcp9ym3EltDUJVpHxcp9ym3VHxcp9ym3OHxcp9ym3cHZHxcp9ym3cHgHxcp9y/:bGpCpaGpHGpcGpMrGpMOGpM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307635", "to_ids": false, "type": "size-in-bytes", "uuid": "8fb8f7ff-552c-4ac0-bc9f-792f973388d8", "value": "12664832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307635", "to_ids": true, "type": "vhash", "uuid": "cb289045-2e35-47ec-94b4-2e197c87b529", "value": "45155b83172cd3ff230fec9025027227" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307635", "to_ids": true, "type": "filename", "uuid": "86868198-932c-40ff-97a4-904c2d5f2d09", "value": "5e401e6acce66f5010cca2b1cb4ac05c7a927df03aa021178e012af12639a041.bin" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307635", "to_ids": false, "type": "text", "uuid": "f778e1a4-d379-4cf2-9922-43e9e2d356ff", "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:20/62\nFirst Submission:2026-03-31T01:38:06.000000+00:00\nLast Submission:2026-04-21T01:58:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544796", "uuid": "c99f7004-39cf-43f8-85b4-6ed85e50a5b7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544795", "to_ids": true, "type": "md5", "uuid": "ae7f5de6-6f0c-48a9-898d-0848476091a3", "value": "030e49320d72821102d9c37c77d6de25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544796", "to_ids": true, "type": "sha1", "uuid": "354cf7a6-d35b-4b65-ae39-832e9abc6048", "value": "c2d96bb04e1c829bcc7788cdfb8a8caf88dc91bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544796", "to_ids": true, "type": "sha256", "uuid": "a6116322-d3a7-4887-8dd6-dc9304057e25", "value": "443e9b7be2c3ffc70a0ea6710947e0e9582cdb81626c51d3090767475a183903", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307678", "to_ids": true, "type": "ssdeep", "uuid": "ed4f5e53-5d5a-4ca7-9769-374e32ece9df", "value": "384:S0D9puehsFtf58S9ozwrtw8dUk1gmckVPxIiTgALMyD:SA94eYtf+SKzosnmckVPxIiTJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307678", "to_ids": false, "type": "size-in-bytes", "uuid": "d61d8346-adca-4e12-b4ca-1e3156b1b877", "value": "17408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307678", "to_ids": true, "type": "vhash", "uuid": "4a217a85-9aa1-49f9-b409-7608dd16ab87", "value": "1140b76d1515151c051d1az140elz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307678", "to_ids": true, "type": "filename", "uuid": "b730c5dd-31c9-479f-a780-097d2bf2d356", "value": "aea97r5oo.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307678", "to_ids": false, "type": "text", "uuid": "7d0c4783-e489-4e5b-b127-e1af7fc0467b", "value": "Type Description: Win32 DLL\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:17/72\nFirst Submission:2026-04-24T03:08:40.000000+00:00\nLast Submission:2026-04-24T03:08:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544799", "uuid": "714d02e4-62c9-48f8-b878-9da6251df4f8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544798", "to_ids": true, "type": "md5", "uuid": "f3e3b107-3221-4b23-a565-2a2f710b4569", "value": "133c8a3b80dc9cda4064024cc5ab4700", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544798", "to_ids": true, "type": "sha1", "uuid": "67cd3c9f-7f55-4399-ace5-e0601ea1ac18", "value": "ad345487a2637bc93a4432d8f55100094f682240", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544799", "to_ids": true, "type": "sha256", "uuid": "dcdbabf8-2fc7-42bb-bbe5-56be8de2dc65", "value": "45e90326a41c0d6099b977becff963ac257bd76527a288e6a93d420072b459d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307700", "to_ids": true, "type": "ssdeep", "uuid": "c57180c0-342a-4b33-a3f3-0a1c5ee5c3dc", "value": "6144:Bi7CaYhS+XKnk+2JKVu1Hyz8iZT2julvxA:+CFYFk1IzzTk2xA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307700", "to_ids": false, "type": "size-in-bytes", "uuid": "f61abccd-8f00-4ec1-aa0e-49ef244429fa", "value": "236053" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307700", "to_ids": true, "type": "vhash", "uuid": "1264bfdf-3119-4f8b-89e7-37e345e0b433", "value": "1251376d1515151c051d1az180elz3ez3" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307700", "to_ids": false, "type": "text", "uuid": "3e3ceca9-7f71-4936-a4ce-06615ea99d1a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Tedy!MTB\nVT Total Detection:29/71\nFirst Submission:2026-04-25T04:10:47.000000+00:00\nLast Submission:2026-04-25T04:10:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544802", "uuid": "d2b0b184-3f3f-4de2-b838-5c0b3ce5a682", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544801", "to_ids": true, "type": "md5", "uuid": "d226d22c-6c8c-4862-b29b-1eb959c2b505", "value": "14aa0f03dbe9efd0cb78db75263175da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544802", "to_ids": true, "type": "sha1", "uuid": "5dc04007-cfa2-42fc-abb9-4ec220f691e3", "value": "a192bcdefdcd02ad2c41d472c25ccbfd94845479", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544802", "to_ids": true, "type": "sha256", "uuid": "20640b92-a8b8-4087-8baa-dc07c1b1cc5c", "value": "0fd1395782bdfafc903563f0c4c9a06b289348f2f01bf8d448cea941dce68da9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307722", "to_ids": true, "type": "ssdeep", "uuid": "8851c994-6f40-4a9a-92e8-f3646e074253", "value": "1572864:ntw/e7VzrQSLKSuZ8NMeJNgKElq4AWBUQt+z:nfZRLKSfp8ic+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307722", "to_ids": false, "type": "size-in-bytes", "uuid": "8e0b26c6-f83f-49b8-892e-f3d3ea5c55cb", "value": "147788224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307722", "to_ids": true, "type": "vhash", "uuid": "3d6700fd-12f0-4627-a545-a79dc300bb0f", "value": "0180f6656d156515501614z232zff8z143za7z3001f334zb9e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307722", "to_ids": true, "type": "filename", "uuid": "5c351020-b0ca-4b02-ab71-be6539cc20be", "value": "electron.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307722", "to_ids": false, "type": "text", "uuid": "4a6753b6-f3cb-417d-b973-b225f75e476d", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/70\nFirst Submission:2022-12-20T19:10:20.000000+00:00\nLast Submission:2026-01-28T12:42:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544806", "uuid": "6ef4a65f-0a35-4f5c-a453-ac8e76f33bbc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544805", "to_ids": true, "type": "md5", "uuid": "4723dbb4-8519-404b-a385-4c387fa251d4", "value": "2634f3c18272adde20506cdd03f95b49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544805", "to_ids": true, "type": "sha1", "uuid": "5d93af70-abd0-4db0-bb76-ca31ad4ffe29", "value": "c4ce1b8935b2cee682df353690e0e6dcc6e53deb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544806", "to_ids": true, "type": "sha256", "uuid": "1078124d-43b6-49cd-a75f-576bc3d11a2e", "value": "43552a00df3c236bb0d5b9483cbf1c1ba8c61762b2ec8373c85c1b20fb4cf7d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307766", "to_ids": true, "type": "ssdeep", "uuid": "11c8a05b-5054-48b4-88dd-2eb94143fcd0", "value": "384:A96Z9cFRSg5FZLx3gowOBdjimckVPxIiTrBX3qWLkN:AQZ9c/j5+o1KmckVPxIiTp3B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307766", "to_ids": false, "type": "size-in-bytes", "uuid": "32270201-28b5-4e7d-ae94-76d02e65d599", "value": "18944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307766", "to_ids": true, "type": "vhash", "uuid": "fbaacb17-60b3-414e-bd7c-bde2d6538b3c", "value": "1140b76d1515151c051d1048z191mz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307766", "to_ids": true, "type": "filename", "uuid": "45830d2d-7e30-47b0-85c7-54824887efa6", "value": "yj0y6d4ql.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307766", "to_ids": false, "type": "text", "uuid": "943cea40-c1bb-490d-aa03-8e296fbd12e9", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:13/71\nFirst Submission:2026-04-20T23:27:52.000000+00:00\nLast Submission:2026-04-21T06:05:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544808", "uuid": "bd5e0aa2-4639-410c-b29e-d39a9e1f567b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544807", "to_ids": true, "type": "md5", "uuid": "dbb0111b-d09e-4685-b7a5-8abc91428a8a", "value": "2d6a9d1bdce0aa69bd8061836613c073", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544808", "to_ids": true, "type": "sha1", "uuid": "772aecad-133b-464b-968e-cabb8c76174f", "value": "0300a1678ab4560cdd3d3b8cb396671629471bbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544808", "to_ids": true, "type": "sha256", "uuid": "d9aa0977-3667-48c5-8f79-0ace1831c8ea", "value": "3f8815f54611bedb73c6f8a36cc4dc0c138bae9b9e0f013d47746acc9ccd30bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307788", "to_ids": true, "type": "ssdeep", "uuid": "18d2f46e-b35d-463e-813d-777c6e61b4af", "value": "3072:MBDVl7xAa4Z0S+0tKnkdsT2dq3KVuVHyFOiZPPxU2j0+iqkM:K7Ca46S+sKnk22dQKVuVHysiZG2j0+yM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307788", "to_ids": false, "type": "size-in-bytes", "uuid": "e886ac2c-2c48-4c3d-a65f-e29695858b4f", "value": "241097" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307788", "to_ids": true, "type": "vhash", "uuid": "9a50437c-6af0-4555-8409-5be522c04300", "value": "1251375d1515151c051d1az170e5z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307788", "to_ids": true, "type": "filename", "uuid": "77b2c2aa-2f45-437b-8453-255856cb006d", "value": "3f8815f54611bedb73c6f8a36cc4dc0c138bae9b9e0f013d47746acc9ccd30bf.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307788", "to_ids": false, "type": "text", "uuid": "1b4ae77e-196e-4b27-99ef-0a591d8fdfda", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:43/71\nFirst Submission:2026-04-21T00:42:24.000000+00:00\nLast Submission:2026-04-21T01:48:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544811", "uuid": "2bc1b466-32c1-4b91-85e0-3593f8337b40", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544810", "to_ids": true, "type": "md5", "uuid": "47724b94-644b-4d66-800d-07ff61ddfacc", "value": "2f9246f506d28735902f550c58f8b242", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544810", "to_ids": true, "type": "sha1", "uuid": "b59be89e-db70-4665-9f13-16ada55d8f6f", "value": "dfb504a58117127bcafff061a09726657271b0b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544811", "to_ids": true, "type": "sha256", "uuid": "b32cd197-d46d-476c-a709-413d9844372f", "value": "056e17a0478ce166200140dbe0165140d8f7c851f0acc0cca6d1f267df1eaeec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307831", "to_ids": true, "type": "ssdeep", "uuid": "2253f251-0cfc-4989-ad0b-0b78f2f2d138", "value": "3072:Pq/azEnyFSpckqn/JquJxSjjKjckVPxIiTRQjol:PquEyY2n0xayjol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307831", "to_ids": false, "type": "size-in-bytes", "uuid": "ff37964d-56e3-4ba8-821d-7e477ebfc5a6", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307831", "to_ids": true, "type": "vhash", "uuid": "f2c2bf74-f117-4bbe-80a2-6432c79d52b5", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307831", "to_ids": true, "type": "filename", "uuid": "1ffa855f-f243-4378-a54d-e6b7d35de2c5", "value": "056e17a0478ce166200140dbe0165140d8f7c851f0acc0cca6d1f267df1eaeec.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307831", "to_ids": false, "type": "text", "uuid": "c7937354-5a4f-4c0b-9b35-a028a20a57e8", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T22:53:28.000000+00:00\nLast Submission:2026-04-20T22:53:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544813", "uuid": "c1888527-02d4-4542-860c-3c6b1183ceb8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544813", "to_ids": true, "type": "md5", "uuid": "842eee40-b794-4a5b-9cd0-cd1f8649a7e0", "value": "3940ced328fb743573e03e2ed43c39be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544813", "to_ids": true, "type": "sha1", "uuid": "d029bb00-dc3f-4381-ae77-52383fad1886", "value": "345432f3be1f8f7e2da61b85c398e910b7860742", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544813", "to_ids": true, "type": "sha256", "uuid": "67424119-6e89-4650-8632-97c33449890a", "value": "3814491ae90559ef24d7d4c8fbb35870c0594fa7b877b92c93306d0c25b65b7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307852", "to_ids": true, "type": "ssdeep", "uuid": "3a7f75f3-f2c0-4769-b1c1-af53f15fd6d4", "value": "3072:F/Tl7aPY9s/laeUa9xqQ8oBVgPe6boo/lK:T7aPd/l/tqQVL5Al" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307852", "to_ids": false, "type": "size-in-bytes", "uuid": "99880f47-c5c8-41a8-b4b2-347b5b4a6a28", "value": "118272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307852", "to_ids": true, "type": "vhash", "uuid": "a4a94b40-6d88-4356-b351-ad2b0b0c5914", "value": "115066655d151d055098z647z2095z13z51z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307852", "to_ids": true, "type": "filename", "uuid": "45e3dfb7-ce29-40e1-aba1-894203221f2e", "value": "3814491ae90559ef24d7d4c8fbb35870c0594fa7b877b92c93306d0c25b65b7a.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307852", "to_ids": false, "type": "text", "uuid": "5d3cc6f1-4e95-4d78-a892-78aa390d586b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:51:39.000000+00:00\nLast Submission:2026-04-20T23:51:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544816", "uuid": "a52e7adc-3734-429a-86b7-06bd2bb23418", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544815", "to_ids": true, "type": "md5", "uuid": "eac4949d-a6b3-4666-aeb6-2db0a15377f7", "value": "3cf74e2f68917650452b3558a40ec218", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544816", "to_ids": true, "type": "sha1", "uuid": "cd955c31-26a0-4567-a3f7-eb7a957b8729", "value": "dd94a11e0d2f28d53976c49ce345a2d943b76c6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544816", "to_ids": true, "type": "sha256", "uuid": "364b889f-b758-4017-96ea-614fb1195893", "value": "263e1cb15db9746dcbc7a2a032633a61ce6a23ff1246e9f96bf62e0eb153c76d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307874", "to_ids": true, "type": "ssdeep", "uuid": "099abbe7-7d86-4e06-93a6-74c0c510e932", "value": "3072:mR+Rn4RwPUciuNGC9QbfQ1/+DA4/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWD:mIXPriY3MfQ1/4Mxa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307874", "to_ids": false, "type": "size-in-bytes", "uuid": "346e2799-8de0-40a3-b373-7e44444fdcc9", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307874", "to_ids": true, "type": "vhash", "uuid": "e97dc4a3-26c6-4217-b9bc-19b4d98556a5", "value": "115066655d155d055az567z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307874", "to_ids": true, "type": "filename", "uuid": "7453d121-3b9d-44a8-8796-e73754718720", "value": "263e1cb15db9746dcbc7a2a032633a61ce6a23ff1246e9f96bf62e0eb153c76d.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307874", "to_ids": false, "type": "text", "uuid": "ba7921b1-8b75-4c4e-b0b2-97a4e9c4520c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544819", "uuid": "afe32d78-41a9-4e91-abca-feab05608214", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544818", "to_ids": true, "type": "md5", "uuid": "31f9d497-113a-4967-9eb3-1e4def8b36a1", "value": "423ffb6b6f0ad2ea2a02236e6cbedeb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544818", "to_ids": true, "type": "sha1", "uuid": "5bd1b940-b4f7-44de-9cf9-5eab4a6ac60e", "value": "759c0c2ec4d738957ba36c69e906efddccbed268", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544819", "to_ids": true, "type": "sha256", "uuid": "a581b5c7-304d-451c-9f09-ea067502365a", "value": "3038962c429342d52261e92d9804d3aa3446c981e79d204cd7b8cadf61aea512", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307896", "to_ids": true, "type": "ssdeep", "uuid": "9c0f754c-604d-4061-9c1c-050e301306da", "value": "3072:LSbNhbCdHdaLyAiWQ4wXhJLiwAtpFrpqpqpvvkTiGLh7:GCRUumFwXhJmW37" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307896", "to_ids": false, "type": "size-in-bytes", "uuid": "93928b6a-9259-4219-9f16-f79f38396f70", "value": "104960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307896", "to_ids": true, "type": "vhash", "uuid": "6521ad29-6806-4316-b7dc-ff14d2599b62", "value": "115066655d155d055az4cnz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307896", "to_ids": true, "type": "filename", "uuid": "7b073aa4-f411-4902-8b24-b7697bd22133", "value": "3038962c429342d52261e92d9804d3aa3446c981e79d204cd7b8cadf61aea512.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307896", "to_ids": false, "type": "text", "uuid": "1cc6d1d8-ff8b-4e83-9f24-7d6ba53e09da", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:40/71\nFirst Submission:2026-04-20T23:55:21.000000+00:00\nLast Submission:2026-04-20T23:55:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544821", "uuid": "ad535922-67eb-4be4-9f0c-fd3b93d4625a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544820", "to_ids": true, "type": "md5", "uuid": "096f400b-2bb6-497f-b3ab-45af70cb8437", "value": "448e3a993155f155aefb78f35ab2a6d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544821", "to_ids": true, "type": "sha1", "uuid": "e2cd01e1-3505-4dcf-85b1-81a422ed3984", "value": "1b0050f00409923489c0dc6f789a3455b05d30cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544821", "to_ids": true, "type": "sha256", "uuid": "5e9b7459-7f57-449b-a383-81121f0b77a9", "value": "1bb312e1770e3a1684eedeee54b9bf0ec74f367209ee46fc0dcb76c4390e6ff2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307917", "to_ids": true, "type": "ssdeep", "uuid": "675ada14-a9da-437d-8cfe-79c382a5f841", "value": "1536:9yxttrLOUnelseYw4MhLVxj5pVTH4SFcSdhn+hlLDvtEJsWTrd79dl27cxVrxpN:9yB/Rngoyhj5plYAhn41DtqBzk7wrd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307917", "to_ids": false, "type": "size-in-bytes", "uuid": "97ab5c51-fa86-4d7f-b8a4-ac6e6b3760d7", "value": "111616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307917", "to_ids": true, "type": "vhash", "uuid": "7afab762-e03a-4a43-ad32-81a02dc8e672", "value": "115066655d151d055018z5fhz13z41z4az8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307917", "to_ids": true, "type": "filename", "uuid": "02f02ea0-f85d-4bf9-996f-cda5be0dc01e", "value": "1bb312e1770e3a1684eedeee54b9bf0ec74f367209ee46fc0dcb76c4390e6ff2.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307917", "to_ids": false, "type": "text", "uuid": "e4f43b25-bd10-4d8c-b5df-bac81efcdf99", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:52:44.000000+00:00\nLast Submission:2026-04-20T23:52:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544824", "uuid": "d974a3dd-5c9e-40a0-981c-1a4d25c8e682", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544823", "to_ids": true, "type": "md5", "uuid": "52f2c7b0-bc1c-4197-a21c-b75352a89271", "value": "4529f0e9f250c647ea638bd3cd72edfa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544823", "to_ids": true, "type": "sha1", "uuid": "f9b13425-5641-40c1-b432-2c114d57bde7", "value": "bff71ae77154c29de1d49b6b40e56f4c6c086591", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544824", "to_ids": true, "type": "sha256", "uuid": "3e05037e-41be-41ec-af4a-fab101bf2603", "value": "0f55011a79a851db19afd2e1863867d861dd9c823c1c58e135b6904c9ea634f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307939", "to_ids": true, "type": "ssdeep", "uuid": "9bc2d51f-3e36-43d2-8578-9e90d4a7404b", "value": "3072:8vBGrVNNR2AJNQKAfRAtVvrXT/7nM4L3zm2Q9ZVbZacTShsrHkBhj3N:4G5HoqXAfRYWKh7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307939", "to_ids": false, "type": "size-in-bytes", "uuid": "236b1b36-1372-4e00-968b-61980d728854", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307939", "to_ids": true, "type": "vhash", "uuid": "60d08f61-cd71-4f63-a6a5-467490b3cf8b", "value": "115066655d155d055048z4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307939", "to_ids": true, "type": "filename", "uuid": "df7bc8c2-8a0e-433f-9cb5-905aab22f116", "value": "0f55011a79a851db19afd2e1863867d861dd9c823c1c58e135b6904c9ea634f7.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307939", "to_ids": false, "type": "text", "uuid": "9294da77-1ae1-4f3b-8996-e167ae4858e1", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:39/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544826", "uuid": "fa74c6ef-f5b2-447d-8310-f5f7d16de3e5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544825", "to_ids": true, "type": "md5", "uuid": "3473258a-d852-4fe6-a97d-b5658e898e03", "value": "4978ed03bfc965f76de5e5125db2255f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544825", "to_ids": true, "type": "sha1", "uuid": "cff8b70b-0b39-41f5-bcb1-d10e90745497", "value": "7c66035245ca703453e506518599dcb0ca7e58ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544826", "to_ids": true, "type": "sha256", "uuid": "71fdfa9a-4d5b-4462-bb09-cb3df645891c", "value": "0e6e36bbddb377f477e49c6555b10d0cd7e9c2d5715dd925a31caf1fd6d4706d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777307961", "to_ids": true, "type": "ssdeep", "uuid": "62b49abe-2d5f-4700-a5db-c7c9e44bc25a", "value": "3072:hhTeXQwDasaAmiTQhAS/xYN0q51756565rnIryHi/C9rK:HeXbuFaTcAS/0Ki+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777307961", "to_ids": false, "type": "size-in-bytes", "uuid": "69eda6b3-3fd3-4b3f-beb8-af16b1786d7b", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777307961", "to_ids": true, "type": "vhash", "uuid": "1a94b264-e943-4461-b0ea-6b2cb75a2d32", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777307961", "to_ids": true, "type": "filename", "uuid": "1acf89bb-725b-4bd3-a8d3-3bb0e597e359", "value": "0e6e36bbddb377f477e49c6555b10d0cd7e9c2d5715dd925a31caf1fd6d4706d.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777307961", "to_ids": false, "type": "text", "uuid": "875df214-0c78-46bf-baf4-b8133ec5ad68", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-21T00:29:17.000000+00:00\nLast Submission:2026-04-21T00:29:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544828", "uuid": "550a320f-8d6d-4e9d-a1ab-63f2bb20bd6c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544828", "to_ids": true, "type": "md5", "uuid": "20009287-b99d-463d-b95f-51ca5b5cef12", "value": "512c1dd0e7496be9202abe08f4c38b20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544828", "to_ids": true, "type": "sha1", "uuid": "13b2eddb-1dda-48f8-bf1d-72e124a18d69", "value": "f8c9979851294a7db33cfb9b57b48d1f82bb1fa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544828", "to_ids": true, "type": "sha256", "uuid": "88e8b9c2-e5ef-4468-b6dd-26318c0f4a40", "value": "3908d551858e61ee945c8b070022cae282a3fa377e08ae7b0d94916183756c0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308003", "to_ids": true, "type": "ssdeep", "uuid": "2e67a7fa-e980-4ed1-903c-78141efcfd57", "value": "3072:qFNnYhU3TJqneiGecQbh5dn9QntSVQq1niT:cTon3SMh5Z9CsI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308003", "to_ids": false, "type": "size-in-bytes", "uuid": "54efe9b5-3f4a-46b1-9f89-5160fab566d3", "value": "109568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308003", "to_ids": true, "type": "vhash", "uuid": "4913f19d-7f1b-49da-bda7-1e88b33dc50c", "value": "115066655d155d055018z5c7z2095z13z4ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308003", "to_ids": true, "type": "filename", "uuid": "f9d47002-58f8-4121-8c4c-90823feb6a7d", "value": "3908d551858e61ee945c8b070022cae282a3fa377e08ae7b0d94916183756c0e.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308003", "to_ids": false, "type": "text", "uuid": "cb9d94e6-9124-4e50-9617-841f9bcdc3c6", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T22:37:02.000000+00:00\nLast Submission:2026-04-21T06:08:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544831", "uuid": "1edbc15a-7747-4cbd-ba3a-553a9ae05487", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544830", "to_ids": true, "type": "md5", "uuid": "c627f51a-32ce-4a8a-b82c-59490defd4f5", "value": "5a71a80b0bfb69e28ea7194e54abeef3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544831", "to_ids": true, "type": "sha1", "uuid": "3371c3cb-7436-408d-9741-5142c3e8c302", "value": "ac593d79d808fada7764308712ab40b91c5721bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544831", "to_ids": true, "type": "sha256", "uuid": "2a5a107d-d7ba-43d8-92a3-b68309b159d1", "value": "253ac9bad9410d020ba58afd3a992451598768125116c9d42f945c0050cd4ed3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308025", "to_ids": true, "type": "ssdeep", "uuid": "261b95fc-3814-4d44-9a79-c6b0e5eda615", "value": "3072:YvBGrVNNR2AJNQKAfRAtHvrXT/7nM4L3zm2Q9ZVbZacTShsrH2/jbp:8G5HoqXAfRYQ+H" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308025", "to_ids": false, "type": "size-in-bytes", "uuid": "ee87c7a1-965d-4f98-9e3d-62fe34c70d9b", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308025", "to_ids": true, "type": "vhash", "uuid": "424751da-c800-4f19-bff6-f57630185f23", "value": "115066655d155d055048z4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308025", "to_ids": true, "type": "filename", "uuid": "37de51fe-ac97-43ac-abb3-bc13b69ebbfc", "value": "253ac9bad9410d020ba58afd3a992451598768125116c9d42f945c0050cd4ed3.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308025", "to_ids": false, "type": "text", "uuid": "a276e7cc-1944-480e-8855-b30f18757aea", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:35/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544834", "uuid": "a5b4ca15-5e96-4dba-b414-3492e25cea3d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544833", "to_ids": true, "type": "md5", "uuid": "4b75dbae-0eeb-4f10-b840-ca8b8c504da4", "value": "621a059edbdf3d2390519f6eb0c8993e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544833", "to_ids": true, "type": "sha1", "uuid": "d6b6394f-80f4-4dd6-9c6c-49cd6b6a8d99", "value": "5ecd9db3bc11c942b4f67e51740dc06566fdaa6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544834", "to_ids": true, "type": "sha256", "uuid": "34c778e6-e6e9-4706-9242-c528fea12a27", "value": "10811c7cb1aaeadaa5ec8ff33922d53d2fbb1761295e6549e6508cadb3a6a6f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308068", "to_ids": true, "type": "ssdeep", "uuid": "738a0142-2a00-4aff-a154-9f176e68cc71", "value": "49152:0uwVEs1J3jMFi8DpEy7biLE5dbchm1eyAdrTfg:0uwV558CvgdYhkep" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308068", "to_ids": false, "type": "size-in-bytes", "uuid": "23499585-16cb-4985-bd1f-1204108bc7d8", "value": "2302976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308068", "to_ids": true, "type": "vhash", "uuid": "13a450f8-7abb-40ec-8596-10704559c248", "value": "026076656d155d05555173z20700c8z7045z2011z85zb7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308068", "to_ids": true, "type": "filename", "uuid": "8c16fce3-163f-43b4-a16e-c1e44911fc31", "value": "10811c7cb1aaeadaa5ec8ff33922d53d2fbb1761295e6549e6508cadb3a6a6f9.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308068", "to_ids": false, "type": "text", "uuid": "6cfcd7c0-24bc-44db-b29d-42eaf190ef82", "value": "Type Description: Win32 EXE\nMicrosoft: PWS:Win64/WallStealer.CI!MTB\nVT Total Detection:52/72\nFirst Submission:2026-04-20T22:51:59.000000+00:00\nLast Submission:2026-04-20T22:51:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544836", "uuid": "8c7aaf69-2e5e-476d-9933-9cc22da4ec1a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544835", "to_ids": true, "type": "md5", "uuid": "57caf010-a416-4aa8-aed9-5e7743274433", "value": "6ec8e9114705f153b9f8527cd3154157", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544836", "to_ids": true, "type": "sha1", "uuid": "97d3915f-a4a7-4859-b484-660adc9cdb07", "value": "b0c54dc86e3bc27de9f55b7cc5389e5c1737d676", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544836", "to_ids": true, "type": "sha256", "uuid": "7c932e9d-1148-4f92-a0dc-40d151e85f64", "value": "1b97037b3410f37f35209a512a1efd5aa4935251c93eeed78e65d34fb6e178d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308090", "to_ids": true, "type": "ssdeep", "uuid": "f5f9ca7f-58e6-4b0b-ab81-a9edeafae44f", "value": "3072:kTjx/azEnyFSpckqn/JqBJxSjjibckVPxIiTRQnol:kTjxuEyY2n00S6nol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308090", "to_ids": false, "type": "size-in-bytes", "uuid": "33a3425e-1180-491e-a29a-7ce619c5bdbd", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308090", "to_ids": true, "type": "vhash", "uuid": "68f33a5d-306e-427c-82a8-1f9ab796a2fd", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308090", "to_ids": true, "type": "filename", "uuid": "f2da9bc0-6b81-419b-a662-8bf358b40d45", "value": "1b97037b3410f37f35209a512a1efd5aa4935251c93eeed78e65d34fb6e178d3.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308090", "to_ids": false, "type": "text", "uuid": "499f4c43-8788-4ff0-a7d4-e537ba989bb1", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:35/71\nFirst Submission:2026-04-20T22:54:14.000000+00:00\nLast Submission:2026-04-20T22:54:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544839", "uuid": "b2c86ccf-6f6a-4f4f-9150-d0cd622a121b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544838", "to_ids": true, "type": "md5", "uuid": "e1806770-c138-4904-91a1-7fcdab29225e", "value": "728d9d774f933d3639098c4394c33814", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544838", "to_ids": true, "type": "sha1", "uuid": "1c302d06-2467-4523-97be-b4a2111c2b0d", "value": "9b843f63739533290f701b285562b0ad0bba6df7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544839", "to_ids": true, "type": "sha256", "uuid": "6eb723f1-000e-4b0a-b07f-8d8fc2beab61", "value": "2078c3db731b4e5d3028f3e615a455b8222c364dfc7de40a9fd8ad8bf8c0d972", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308111", "to_ids": true, "type": "ssdeep", "uuid": "c7a0b932-41c2-4041-b416-86af204abb01", "value": "3072:5/azEnyFSpckqn/Jq/JxSjjjPckVPxIiTRQrol:5uEyY2n0azOrol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308111", "to_ids": false, "type": "size-in-bytes", "uuid": "ec89fd47-a139-4765-a08c-859c0fe5931b", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308111", "to_ids": true, "type": "vhash", "uuid": "184e1a8f-8f85-4681-b1f2-caad8f005ed2", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308111", "to_ids": true, "type": "filename", "uuid": "150b388f-19a9-4600-8b92-7395de2f7a98", "value": "vajwk.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308111", "to_ids": false, "type": "text", "uuid": "005bf220-83ec-4af2-be4d-b9da3baa9838", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T22:54:00.000000+00:00\nLast Submission:2026-04-20T22:54:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544841", "uuid": "e2d03c90-9343-4a34-8197-a884dd7eef1d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544841", "to_ids": true, "type": "md5", "uuid": "ae2fec54-7a2d-45e1-9300-f38b5e375521", "value": "7461d08e73c953ff86fac4d395fd643e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544841", "to_ids": true, "type": "sha1", "uuid": "b5f77c90-eb8f-4175-853e-056a741beace", "value": "006e2bac7d9dd245ec7ff71c0a0f11944a5b2f24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544841", "to_ids": true, "type": "sha256", "uuid": "c3b944fd-d228-4d2b-ad85-192bb81af3ea", "value": "0a4a7e30e34d9432749e11fb6343deeb4676b919b6568bdb5bb62a8fc3fb3c3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308133", "to_ids": true, "type": "ssdeep", "uuid": "a0f89427-75ac-4e28-84af-33f3f61045b0", "value": "3072:GEHzKjpAqVexNGpAQbUwkhyMI8vmSO/7njPL3cIbHD2GgNJlLJKNryjuFbHV3MGy:GDjpVVevtMUwkhHKl1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308133", "to_ids": false, "type": "size-in-bytes", "uuid": "98d90943-4f16-42e9-b535-7e255d7a2aa1", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308133", "to_ids": true, "type": "vhash", "uuid": "0632d046-48b7-409b-9b01-0a58a0098363", "value": "115066655d155d055048z4fnz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308133", "to_ids": true, "type": "filename", "uuid": "afebf015-1ca7-46ff-a847-3cc734e2021b", "value": "0a4a7e30e34d9432749e11fb6343deeb4676b919b6568bdb5bb62a8fc3fb3c3f.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308133", "to_ids": false, "type": "text", "uuid": "258aa302-3cc1-4fe0-9f3b-a3ae358be706", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-20T22:54:47.000000+00:00\nLast Submission:2026-04-20T22:54:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544844", "uuid": "ff27d4d3-8ddf-4e93-b639-0c5b8f1cea43", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544843", "to_ids": true, "type": "md5", "uuid": "a09f900b-bd0f-4566-abab-dbe77aea6b59", "value": "758114f4982ccec3350d5b76778fb03c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544844", "to_ids": true, "type": "sha1", "uuid": "1fe0f9cc-1526-4e2a-8f75-5c6b756340f2", "value": "d3247caab71d8e21debd371e3530b7fc81e72259", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544844", "to_ids": true, "type": "sha256", "uuid": "18f3acd3-8f9b-4e81-b033-0273d55fc4fd", "value": "45f3274ca472c44e9b903a3ecf2708da97f9c57f5ef939f9348b6642aa6c154a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308176", "to_ids": true, "type": "ssdeep", "uuid": "f4e2b2f4-fb49-4dbf-b4f4-803ca283beb2", "value": "768:Ax9HdIKmYMk4C94CCDJDeyBat21Ci9RbLjnbPKgh69xirFcEta6JqRrpFURSjk/:g3qtknCDJCJt2HvjbS4FcEtgFX0Ss" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308176", "to_ids": false, "type": "size-in-bytes", "uuid": "aba88345-2a93-48de-aefa-1fa3719fe84f", "value": "58368" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308176", "to_ids": true, "type": "vhash", "uuid": "63e2c3ac-6a73-4cb0-adb2-91dbda1e2d94", "value": "1540c75d1575151c051d1az1c11lz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308176", "to_ids": true, "type": "filename", "uuid": "63f7368c-8245-44f8-8c78-6ff7d6d81703", "value": "ProtonVPN.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308176", "to_ids": false, "type": "text", "uuid": "eb3bd852-e1d2-4184-8f5d-61ef3dcace9b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:18/71\nFirst Submission:2026-04-22T07:05:23.000000+00:00\nLast Submission:2026-04-22T07:05:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544846", "uuid": "c67d24f8-f3e2-437d-863a-aac3b69fbe54", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544846", "to_ids": true, "type": "md5", "uuid": "b1bbc8d2-1732-4d9e-90be-8f230ec6669d", "value": "7714193529f0673ffc926d66d964bb7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544846", "to_ids": true, "type": "sha1", "uuid": "86b9fe9a-7f16-4615-8b62-8a5ac01a8b8b", "value": "af473688c6c5bd081c5d640f449cc8e9ee31ac71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544846", "to_ids": true, "type": "sha256", "uuid": "8b913496-1c93-4b55-bb6f-644f15939303", "value": "0ab3a599159e9d8d97ea5cfcbb32ba1fc3e40d4210012f2bf75b624841e6a559", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308198", "to_ids": true, "type": "ssdeep", "uuid": "5c3cb986-e054-4673-a945-535351328ae3", "value": "3072:TDAwoPt0PRG7nQbwAwZDuf+0PpEqFOAkw:fol0pAMwAwZS/lhp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308198", "to_ids": false, "type": "size-in-bytes", "uuid": "76b80863-a4a5-4389-add0-c116b02d0b42", "value": "102912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308198", "to_ids": true, "type": "vhash", "uuid": "18f07223-642f-4420-83da-2e45c8345017", "value": "115066655d155d055az49?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308198", "to_ids": true, "type": "filename", "uuid": "fd60f7cf-1d4a-48b8-a594-f9266bf36059", "value": "owwu1c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308198", "to_ids": false, "type": "text", "uuid": "ec36bd04-a05a-41aa-afb1-3a7290422375", "value": "Type Description: Win32 DLL\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:31/71\nFirst Submission:2026-04-24T15:10:25.000000+00:00\nLast Submission:2026-04-24T15:10:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544848", "uuid": "e69e7260-9a1d-48f7-a19b-0f99bf232ac4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544848", "to_ids": true, "type": "md5", "uuid": "6a0a6783-25e3-4c96-be5b-8bdf63673695", "value": "783ff126601d43f89db63fa87145e3dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544848", "to_ids": true, "type": "sha1", "uuid": "158bbdf8-9a60-47bd-9dd6-06e15091b216", "value": "7e9c7b69809b5f4b094608aae48ba96ae1ba449c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544848", "to_ids": true, "type": "sha256", "uuid": "deefdf71-347b-4bf7-b3fd-885654f520ac", "value": "24bb18b6ea9d20fb8f36fe7c653698012edcc0bfe5accac67ed5ffae35a1283b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308220", "to_ids": true, "type": "ssdeep", "uuid": "b39d11c4-3ae0-4917-b761-7b7a64f19f57", "value": "3072:Fm4RP6gyAqpQQAZ+YAVvrXT/7nM4L3zm2Q9ZVbZacTohsrHQckVPxIiTmjt+m/:E4t6hh9AZ+RY3J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308220", "to_ids": false, "type": "size-in-bytes", "uuid": "c59efa6d-96b9-4325-9a4e-7ecca5b32fe7", "value": "105472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308220", "to_ids": true, "type": "vhash", "uuid": "78c6c117-abe8-48ae-827d-5f74af4596dc", "value": "115066655d155d055048z4enz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308220", "to_ids": true, "type": "filename", "uuid": "50694591-5b81-4600-a214-c052dd4703ee", "value": "24bb18b6ea9d20fb8f36fe7c653698012edcc0bfe5accac67ed5ffae35a1283b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308220", "to_ids": false, "type": "text", "uuid": "7c2a3d98-209b-486c-9e1b-23003b5cac1c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:40/71\nFirst Submission:2026-04-20T22:49:47.000000+00:00\nLast Submission:2026-04-20T22:49:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544851", "uuid": "eaf2ed73-bd64-4b8f-8ea8-9c11246b98b8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544850", "to_ids": true, "type": "md5", "uuid": "eb289ca5-507b-4641-b945-0bf7d10954b8", "value": "7d833e6598f5c6b38e419ee2c78193b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544851", "to_ids": true, "type": "sha1", "uuid": "b29d2cf5-964c-4492-94d6-92e0819bc6e5", "value": "7c9da73f823923a3d0f956165de9697059e74a71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544851", "to_ids": true, "type": "sha256", "uuid": "028f472d-2e32-4ea6-9214-8b8d0dd26c73", "value": "38b4d80cb2b985600d98485b0329beb8d93601cf0358ecdca3fd55e4c307af27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308263", "to_ids": true, "type": "ssdeep", "uuid": "591a3088-6526-420a-b321-186ba78170c2", "value": "98304:/c//////d+YTlVUzlFxr8/yS/t7W5TMuKF7Z/:oHl2p3A/ySs54H" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308263", "to_ids": false, "type": "size-in-bytes", "uuid": "f60d86c9-770f-410b-889c-a7781767beaa", "value": "3442688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308263", "to_ids": true, "type": "vhash", "uuid": "c52cae76-e83d-4f74-9fa6-3929dbbe2826", "value": "0360966d5c0d551c05156031906006e002d6z14035z91z2040301az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308263", "to_ids": true, "type": "filename", "uuid": "c40d4b75-a5d7-4b6c-9fcf-262abc78f49c", "value": "38b4d80cb2b985600d98485b0329beb8d93601cf0358ecdca3fd55e4c307af27.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308263", "to_ids": false, "type": "text", "uuid": "bf728eaf-4386-40f7-b7da-034e7cd68740", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/71\nFirst Submission:2025-10-17T06:14:13.000000+00:00\nLast Submission:2026-04-22T09:15:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544854", "uuid": "a43c954e-977a-446e-8352-40885bc05744", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544853", "to_ids": true, "type": "md5", "uuid": "9a14d5f7-8aa2-4866-a804-3d450db7f635", "value": "7d85683a846f0467e068927e5e7a0267", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544853", "to_ids": true, "type": "sha1", "uuid": "63799cbb-d2d6-4b96-b799-40179534b684", "value": "811e7aad3bea7ff8341ff5106bf0a29db3bb9fc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544854", "to_ids": true, "type": "sha256", "uuid": "04919cd7-80fb-4c48-b450-68b53b05c557", "value": "127226334ce62510f9bb1467d9d006108bd4d4884afa48f64cb4b03be47851d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308285", "to_ids": true, "type": "ssdeep", "uuid": "6ef68fc7-3217-4664-9844-55a45b43e936", "value": "3072:n7FEVRoWiGqsGQbXAL/QiYl2GWwD80p5wCDvmXT7RLyzfWC+YmSO/2nePGyufbH9:ZELobqGMXAL/DY2id" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308285", "to_ids": false, "type": "size-in-bytes", "uuid": "da420d99-1986-472e-b0c8-475ce5077090", "value": "105472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308285", "to_ids": true, "type": "vhash", "uuid": "6595b199-5c0c-427a-b2c4-8207a78035c8", "value": "115066655d155d055048z4c7z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308285", "to_ids": true, "type": "filename", "uuid": "13401ab1-f476-469f-a8db-f4293a1173e4", "value": "127226334ce62510f9bb1467d9d006108bd4d4884afa48f64cb4b03be47851d2.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308285", "to_ids": false, "type": "text", "uuid": "d65c4608-24b1-4799-a45a-1f9ca6fdd549", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:26/72\nFirst Submission:2026-04-21T02:08:14.000000+00:00\nLast Submission:2026-04-21T02:08:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544856", "uuid": "9e5e4e9e-4112-41df-80ab-a0bef12c5f3b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544856", "to_ids": true, "type": "md5", "uuid": "98e8fce1-a1b6-4f18-b13b-04fe48d3aa70", "value": "88f11758b77bf89f167d5ee80d8d77fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544856", "to_ids": true, "type": "sha1", "uuid": "7bf76832-8734-4b47-bb85-78678761eb12", "value": "da9297a94a7e98053655032625c752c688c8bd93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544856", "to_ids": true, "type": "sha256", "uuid": "f5030d22-ce8e-439b-aeb6-015c2dfc6164", "value": "129f8c5713c11b19868f9dd765e46364225f9e1fce950ce64cfb6f53fcf81ee2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308307", "to_ids": true, "type": "ssdeep", "uuid": "328f7ccf-ea7c-4ae3-986a-0cc56491c300", "value": "3072:DTA+vkXsN6BdfY0rxDY863xmNkF1JPLS55c:bv0suFrxklYUW5C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308307", "to_ids": false, "type": "size-in-bytes", "uuid": "630cc8bb-1c65-4f43-956e-77cb1ca9193c", "value": "113152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308307", "to_ids": true, "type": "vhash", "uuid": "6be9437d-ecc3-4e27-9de8-8ec1a1224e21", "value": "115066655d151d055088z57hz13z51z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308307", "to_ids": true, "type": "filename", "uuid": "51604db0-42fe-4a7f-861c-c7f7edd43598", "value": "129f8c5713c11b19868f9dd765e46364225f9e1fce950ce64cfb6f53fcf81ee2.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308307", "to_ids": false, "type": "text", "uuid": "d3dda404-3083-4db0-81ce-adffe98f66b7", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:43/71\nFirst Submission:2026-04-20T23:17:36.000000+00:00\nLast Submission:2026-04-20T23:17:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544859", "uuid": "8b02d3d6-5984-45fd-a072-240cbb5572cf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544858", "to_ids": true, "type": "md5", "uuid": "15bd43f8-65d0-47aa-90f3-8ba236a33e74", "value": "8997f20d06a53d675e55a7e889144e85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544859", "to_ids": true, "type": "sha1", "uuid": "55f0b3e0-e604-4359-9641-c0752c01321a", "value": "f535cf5b970a27d92a436a93b0a1535c1dee7ec5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544859", "to_ids": true, "type": "sha256", "uuid": "b1e4afe0-cf6b-4c85-b602-14a73edd371e", "value": "25158b49f0f1aa26f6724d3cd2669d7efae472b2b5536289a79e9a4cd9363e2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308328", "to_ids": true, "type": "ssdeep", "uuid": "c87f2f50-a58d-4115-8661-81f7ce71c9b1", "value": "3072:JlRUbvuAcGSPQbcwXlsEvAtpFrpqpqpvvkTinyNAQ9:BULuHhMcwXlVPvG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308328", "to_ids": false, "type": "size-in-bytes", "uuid": "7252ee30-44b2-408b-8eae-fd49144106fb", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308328", "to_ids": true, "type": "vhash", "uuid": "f1e3d2d0-e925-4ced-9fee-f101e36cae7e", "value": "115066655d155d055az4fnz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308328", "to_ids": true, "type": "filename", "uuid": "8235b65a-8f2d-42e5-8f9d-8c16809f0e3d", "value": "25158b49f0f1aa26f6724d3cd2669d7efae472b2b5536289a79e9a4cd9363e2c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308328", "to_ids": false, "type": "text", "uuid": "a0ceec5c-fff7-49f6-afcd-143dec633aab", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:39/71\nFirst Submission:2026-04-20T23:36:19.000000+00:00\nLast Submission:2026-04-20T23:36:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544863", "uuid": "3f80c420-1fac-4842-a6de-fdec42caedfa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544861", "to_ids": true, "type": "md5", "uuid": "40470f41-5405-46f4-9b8a-6bb82e8dfd99", "value": "9214075f7d36b6421d86b987f4e28ecb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544862", "to_ids": true, "type": "sha1", "uuid": "4b9fe03c-22ca-49e2-a795-d697373813a3", "value": "884cc6c3f8b5dc26987925951f3999ca85e8e4f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544863", "to_ids": true, "type": "sha256", "uuid": "b216ebf9-5198-4d89-8cfb-7c6bdae7b1db", "value": "247bb7865088b80ed0ea984faaec01ef3f6bd12b2a98239395e3dc198d40b99a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308371", "to_ids": true, "type": "ssdeep", "uuid": "8faefba9-84f8-4993-a1ec-00ed35c7cfb7", "value": "6144:rKEcTs/jvtGCIvT/BIy/71C6h7i6DPgwlXwuxkC8wmAj8hLeC3:rKEcTs/jvtGCIb/BI/CLPzxk7wmAj0n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308371", "to_ids": false, "type": "size-in-bytes", "uuid": "9f159f72-b39a-4182-ae8a-d7899a1e0d95", "value": "481216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308371", "to_ids": true, "type": "vhash", "uuid": "af69d25e-125a-4902-9491-43f3a7577046", "value": "1450c6655d155515501d1az5f=z6c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308371", "to_ids": true, "type": "filename", "uuid": "b79a387a-1ee1-4d41-b4c4-08170e72ba87", "value": "libEGL.dll" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308371", "to_ids": false, "type": "text", "uuid": "851d61a5-51b5-4e82-a219-92b75af3874b", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2022-12-20T19:10:09.000000+00:00\nLast Submission:2026-04-22T15:19:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544865", "uuid": "1a00942b-c70e-4959-9c62-dbb79d6700ca", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544865", "to_ids": true, "type": "md5", "uuid": "4d1ce436-b323-4b51-b05d-e8807645c793", "value": "926a0f9e832cb9c03d21c4bc31d0c328", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544865", "to_ids": true, "type": "sha1", "uuid": "9ec15ad6-5059-48bc-b138-5f29623ee9ba", "value": "e5edb77e8f31d3230d99f7af7e5cfc40c7f707b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544865", "to_ids": true, "type": "sha256", "uuid": "f2b23678-d7fd-4fb1-b51f-3bdfd6b686b6", "value": "0b95a5f8f11fcc69e72663fb193d1d63d3250b0a4e76f3420d3fbd953a1dd909", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308393", "to_ids": true, "type": "ssdeep", "uuid": "30ee3691-2add-4ba4-8a7a-e9aed3cd5630", "value": "3072:I/azEnyFSpckqn/JqGlJxSjj8TckVPxIiTRQEol:IuEyY2n0hsiEol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308393", "to_ids": false, "type": "size-in-bytes", "uuid": "7506c850-5efa-4634-840e-9d8b9c0bfd7a", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308393", "to_ids": true, "type": "vhash", "uuid": "539ffd78-b088-467d-a3b2-722f132cc5fa", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308393", "to_ids": true, "type": "filename", "uuid": "e845bb90-a688-4348-a2ae-175ce80b7d06", "value": "0e6tyadvn.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308393", "to_ids": false, "type": "text", "uuid": "10ca3f83-e069-48aa-8794-b352e6af4b23", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.C!ml\nVT Total Detection:14/72\nFirst Submission:2026-04-20T23:17:36.000000+00:00\nLast Submission:2026-04-20T23:17:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544868", "uuid": "f397321b-366a-488c-ab5f-d1760f82ab3c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544867", "to_ids": true, "type": "md5", "uuid": "1d2ef587-7c10-43e1-9914-3a3601161a64", "value": "95f347900d08f9e80602e6f545105984", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544868", "to_ids": true, "type": "sha1", "uuid": "c0bb4475-c0a0-4b87-b1fe-7a761f9f841d", "value": "e64409b33b4f864400a96ffff6b36af80a588f32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544868", "to_ids": true, "type": "sha256", "uuid": "3dd66ab3-4e12-4650-bd6c-47d65ec2b48f", "value": "10f7f483512029d6a7ceecc154c9cb8bda6d34fa65dfbd2c67a49c12e763449a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308415", "to_ids": true, "type": "ssdeep", "uuid": "48cd4eaa-ae47-4b6b-8a67-b3a6f22aa5ed", "value": "1536:E6tWOPLuqURBOvYpizkCMsxwnyAa49pmckVPxIiTF:1WllM6JgxswckVPxIiTF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308415", "to_ids": false, "type": "size-in-bytes", "uuid": "e3007ad4-2d12-46b2-b14d-ee16c820b903", "value": "59392" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308415", "to_ids": true, "type": "vhash", "uuid": "1616465c-a8e2-43b8-a2b6-c2c152e01a8d", "value": "1540c76d1575151c051d1az1511lz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308415", "to_ids": true, "type": "filename", "uuid": "439aca7c-b766-4ff5-acb7-d85dc6806194", "value": "CCleaner.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308415", "to_ids": false, "type": "text", "uuid": "d00df36e-238e-4e0d-8fc1-8a703ce07141", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:19/72\nFirst Submission:2026-04-21T00:32:58.000000+00:00\nLast Submission:2026-04-22T07:07:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544871", "uuid": "757bf0db-9e1a-4fa2-8083-c3a109d0f9b3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544870", "to_ids": true, "type": "md5", "uuid": "b0175c0a-9a8a-473b-802f-83bbafe93d7c", "value": "95f4b8fda73c514b635f6054e47bf31f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544870", "to_ids": true, "type": "sha1", "uuid": "1f9ab67c-cfe2-45a1-a77c-107a215f53a0", "value": "58f9b3c9945f23c6ec998bdda811feb7821c8888", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544871", "to_ids": true, "type": "sha256", "uuid": "3226998d-70b8-4f9f-a30b-88df9d428bcd", "value": "3a528fa0e2a459a527ff0261ffa696ee22fcab358c0bd4ed0e73f6cfb1994489", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308437", "to_ids": true, "type": "ssdeep", "uuid": "32b13569-805f-4b13-8b50-65b19c687142", "value": "3072:PbDfBxo+I/gQVOogRGsGm6TpIS/GWmATME5JAST/2njLhbC3G1XSzoQsruGdQC:vzoMMOogsszPduvC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308437", "to_ids": false, "type": "size-in-bytes", "uuid": "4ba94583-d58d-45af-9990-7775f3365d30", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308437", "to_ids": true, "type": "vhash", "uuid": "b6388afc-d080-403b-826e-3b5f985fd2bf", "value": "115066655d155d055az57hz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308437", "to_ids": true, "type": "filename", "uuid": "ab282330-bc70-41d7-81db-e659fc79f3b5", "value": "3a528fa0e2a459a527ff0261ffa696ee22fcab358c0bd4ed0e73f6cfb1994489.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308437", "to_ids": false, "type": "text", "uuid": "eca77341-a7ce-4779-a563-6e41da421138", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-20T22:56:43.000000+00:00\nLast Submission:2026-04-20T22:56:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544873", "uuid": "76ac9c5c-ce52-49fc-ae6a-16dc0f608dad", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544872", "to_ids": true, "type": "md5", "uuid": "54082725-d10a-46ce-9d91-a7872c16fa66", "value": "966bbf007a2dfecf0b4344b672ff506e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544873", "to_ids": true, "type": "sha1", "uuid": "7e457d21-2dd9-4d26-ab57-afc699194bcf", "value": "2c7db503a5b5c47aa04af213986a6243dea35206", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544873", "to_ids": true, "type": "sha256", "uuid": "a53e164f-c585-4223-a5c3-db69a97638c5", "value": "277fa6975eb8f65738d6c81d5788ea0181a23933b861fefcffa6a72f2923faad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308458", "to_ids": true, "type": "ssdeep", "uuid": "3897a216-2604-4a84-a9a9-7dc8ea067d27", "value": "384:TTm19V3T5PlIqpHGYuwvA6Uh1mckVPxIiThpMMMqWLXNf0:Ti19V99H5zuEEmckVPxIiT/MMMBF0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308458", "to_ids": false, "type": "size-in-bytes", "uuid": "5a1a917e-a451-471b-9e12-c454a515dea3", "value": "20992" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308458", "to_ids": true, "type": "vhash", "uuid": "12730590-1380-4bef-9025-eb4045a3bf31", "value": "1240c75d1515151c051d1048z161mz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308458", "to_ids": true, "type": "filename", "uuid": "3ed652b8-0aba-4f0b-81da-dfdf6164062c", "value": "VERSION.dll" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308458", "to_ids": false, "type": "text", "uuid": "e0a1f640-c452-4728-a9f4-81df94520f08", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:27/71\nFirst Submission:2026-04-20T23:17:07.000000+00:00\nLast Submission:2026-04-20T23:17:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544876", "uuid": "29721fdc-b032-4c62-a041-ce2a45df2ae7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544875", "to_ids": true, "type": "md5", "uuid": "fc08814f-7702-41cd-883b-5d6f9e0b80f4", "value": "979a435091d9b574ecf3e143392fdca5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544875", "to_ids": true, "type": "sha1", "uuid": "04630cb9-e1d1-4383-8a34-0c5d0e4a06c1", "value": "78e5a5813c485c84eb3f31ad9cab74b4334e7d2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544876", "to_ids": true, "type": "sha256", "uuid": "e55ca94a-4e8b-4bca-b3cc-c21a8a2e8e64", "value": "15bc00dd1f01dc2ea97a59e9f094f55d6b95084d646d7b6e11f3899d7c8e4291", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308501", "to_ids": true, "type": "ssdeep", "uuid": "14a9d4ba-7dfb-4fdf-9d26-9b5fc6c68e30", "value": "3072:NDcdd+k2M31COjvyGOYQb6Awrub9ATME5JAC/T/2njLhbCDvmSOo2iePG3ufWC+G:yak2E1JKWM6AwrQ4i9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308501", "to_ids": false, "type": "size-in-bytes", "uuid": "d4204179-e2c6-4354-9efa-b55a5853749b", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308501", "to_ids": true, "type": "vhash", "uuid": "4d38c027-5b60-418c-81ec-fed4c32df5dd", "value": "115066655d155d055az517z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308501", "to_ids": true, "type": "filename", "uuid": "f24d0f93-ad38-46d5-adad-ec15c4983094", "value": "15bc00dd1f01dc2ea97a59e9f094f55d6b95084d646d7b6e11f3899d7c8e4291.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308501", "to_ids": false, "type": "text", "uuid": "abdcd28e-fd60-4aef-b87a-7ccd833a405e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:38/72\nFirst Submission:2026-04-21T00:28:09.000000+00:00\nLast Submission:2026-04-21T00:28:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544878", "uuid": "046307ad-68ec-4bf5-88fe-43e420dc9a62", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544878", "to_ids": true, "type": "md5", "uuid": "c37c42a7-7669-47dc-af4b-54b31513e009", "value": "993f2dfd5218496532f5e8ca716c993f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544878", "to_ids": true, "type": "sha1", "uuid": "2a9c0bd2-20fc-4b8e-a3cf-7153d0722563", "value": "e9f9deaf4dc0d6658ffbe3f83dc59880f9e8cd6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544878", "to_ids": true, "type": "sha256", "uuid": "14cd3b7e-6893-4731-9bee-8219206d79d2", "value": "1cdcc64c28013ea9639884b194265a55ad065b7649ce7ba9e28526d17be8ddce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308523", "to_ids": true, "type": "ssdeep", "uuid": "ef139a33-09d2-4f44-bd76-16a6bf0f2043", "value": "3072:XcK0DaVl7xAacJ0S+dtKnkksT2G3KVuUHytOiZPvxU2j229J:Xh7CacKS+bKnkb28KVuUHyEiZm2j22j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308523", "to_ids": false, "type": "size-in-bytes", "uuid": "af8d02ba-98f1-4a08-a15a-2c8d885ab19f", "value": "234536" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308523", "to_ids": true, "type": "vhash", "uuid": "21888c37-8e0e-4923-b70b-d99f395ba8b0", "value": "1251376d1515151c051d1az150dlz31z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308523", "to_ids": true, "type": "filename", "uuid": "29570a35-8243-490c-85f1-2f31baf18c14", "value": "1cdcc64c28013ea9639884b194265a55ad065b7649ce7ba9e28526d17be8ddce.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308523", "to_ids": false, "type": "text", "uuid": "360fdda0-987e-4f04-8d9a-442a94de8a65", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-21T00:00:08.000000+00:00\nLast Submission:2026-04-21T00:00:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544881", "uuid": "544d47e1-1fe0-4ceb-bb1b-7ebcdb6da21f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544880", "to_ids": true, "type": "md5", "uuid": "3680327c-de56-4362-b08d-09102b1f5223", "value": "9af3d4135e84d81b41ab0ba27fca6ffb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544881", "to_ids": true, "type": "sha1", "uuid": "a83db1c6-b398-4f13-8fc1-fa017f2fe98a", "value": "86217fd04323e86f9b55d9f2cc6c72bf33b9da74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544881", "to_ids": true, "type": "sha256", "uuid": "b84a8d21-f6e0-440d-8579-55bb16f8be44", "value": "43da2611a806acc21c55a1a4f58e71ad9cdfe3306a1ad082a018701b023da3a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308545", "to_ids": true, "type": "ssdeep", "uuid": "61c59fd9-127e-4ab4-965a-655809e8e6d7", "value": "3072:EvBGrVNNR2AJNQKAfRAtlvrXT/7nM4L3zm2Q9ZVbZacTShsrH7KjdG:gG5HoqXAfRYm65" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308545", "to_ids": false, "type": "size-in-bytes", "uuid": "c5875811-8441-4c43-b12b-470e4e80f377", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308545", "to_ids": true, "type": "vhash", "uuid": "af4d60b0-da28-4af6-a861-ad083a6f4b87", "value": "115066655d155d055048z4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308545", "to_ids": true, "type": "filename", "uuid": "f2a17059-bfd1-4901-b5f9-ffb5c80c50d5", "value": "43da2611a806acc21c55a1a4f58e71ad9cdfe3306a1ad082a018701b023da3a5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308545", "to_ids": false, "type": "text", "uuid": "6fa17ec5-e115-4600-875c-668fc9e5d880", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:17:36.000000+00:00\nLast Submission:2026-04-20T23:17:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544883", "uuid": "d42eb4f9-3a18-4431-9e85-063e2b2b42e0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544883", "to_ids": true, "type": "md5", "uuid": "a073a71b-af8e-4cb5-860e-4ae74f3f2978", "value": "9c7dfb001d92c18ab850f454310d4f1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544883", "to_ids": true, "type": "sha1", "uuid": "dc117987-ff9f-467c-b7a1-316af8da40eb", "value": "1ba3f939e8e76f597ccbfc97175003ccce95ec7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544883", "to_ids": true, "type": "sha256", "uuid": "5719b170-07d0-4944-bde7-f3a85a90f2ea", "value": "0677e7283b4a6cd70dec17243c2eb92e341660735c444b5ae42193094d161abe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308566", "to_ids": true, "type": "ssdeep", "uuid": "8344bcb6-2f50-4b11-b0ec-cafc3ee59894", "value": "6144:f2W7CagsS+zKnkt2mKVuuHypiZ82jSY9/hY:rC97hkoBeQxy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308566", "to_ids": false, "type": "size-in-bytes", "uuid": "36d00d69-5212-4efa-a378-13e4bf0065b8", "value": "238535" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308566", "to_ids": true, "type": "vhash", "uuid": "961c4fc1-78f8-4a32-a762-6d7f9018deab", "value": "1251376d1515151c051d1048z150dlz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308566", "to_ids": true, "type": "filename", "uuid": "060ff470-d84c-4d11-b00d-b349e6c8c5c7", "value": "0677e7283b4a6cd70dec17243c2eb92e341660735c444b5ae42193094d161abe.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308566", "to_ids": false, "type": "text", "uuid": "8e213326-b363-4757-b03d-f2669e3c50be", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:32/72\nFirst Submission:2026-04-20T22:54:27.000000+00:00\nLast Submission:2026-04-20T22:54:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544886", "uuid": "714006e7-99f0-49ae-aa7b-5be6f291d68a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544885", "to_ids": true, "type": "md5", "uuid": "d39b4262-c7b4-425f-84ce-4c455e0b59c3", "value": "a45edda2b0af47c18596c9b63295978d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544886", "to_ids": true, "type": "sha1", "uuid": "9ecfe1bd-634a-4b88-abbf-b9aaf647a963", "value": "3c25e6a35b0c3e49fa18abb1475f8c3248c5f6d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544886", "to_ids": true, "type": "sha256", "uuid": "2401c407-6bd6-429f-a39e-63c2797af880", "value": "3043002f6751736c0a1a5e4be51ebf5ab5a6169e8d3d7fcd4a2718774e7842ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308610", "to_ids": true, "type": "ssdeep", "uuid": "d111cb56-c2e0-42dc-bd73-13631d591d55", "value": "3072:jgBVDGq12ZGdQbKOT5HzM/I1w+Tj5YiPWm2QjcqEsV8M88DvF:uDT1XMKOT5TM/gewv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308610", "to_ids": false, "type": "size-in-bytes", "uuid": "e6dc9256-dace-4b6f-92f8-fd87f39fe514", "value": "108032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308610", "to_ids": true, "type": "vhash", "uuid": "3d793fa2-c4ff-4516-bbeb-ea82f5c0fd6a", "value": "115066655d155d055az597z2095z13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308610", "to_ids": true, "type": "filename", "uuid": "7070a5f5-d9cb-4bc4-9be2-7e6c8489bce1", "value": "3043002f6751736c0a1a5e4be51ebf5ab5a6169e8d3d7fcd4a2718774e7842ca.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308610", "to_ids": false, "type": "text", "uuid": "84a2a43a-947d-4723-b74b-6253998ee7a0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:37/72\nFirst Submission:2026-04-20T22:52:22.000000+00:00\nLast Submission:2026-04-20T22:52:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544889", "uuid": "b2438bf2-7b73-4bf9-9077-bcb73cfbef5b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544888", "to_ids": true, "type": "md5", "uuid": "d7cec6ed-63fb-4f7a-bfa3-cdf3891080d3", "value": "a8bedd55e56241c0fc1e173e8c0180c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544888", "to_ids": true, "type": "sha1", "uuid": "9cfb3cd0-0c18-4911-a8d6-67283640e9dd", "value": "36c187e553ab8115593aa25c2088882fe4d354c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544889", "to_ids": true, "type": "sha256", "uuid": "414d498f-cb5a-4bf2-ad45-d4f9f9b5d80b", "value": "046ea94cd9c350c2e060c48ae917b6ba194f1ad79d111707cc630a5bb1e03096", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308632", "to_ids": true, "type": "ssdeep", "uuid": "8e40d76f-2928-4949-b1dc-c36138eccfdf", "value": "3072:m/azEnyFSpckqn/JqnJxSjjYrckVPxIiTRQrol:muEyY2n0ioKrol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308632", "to_ids": false, "type": "size-in-bytes", "uuid": "a3fb0279-305f-441e-8b8f-58d5cc34836d", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308632", "to_ids": true, "type": "vhash", "uuid": "dad3add4-36a7-4da9-85b9-321bbc7cdbbd", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308632", "to_ids": true, "type": "filename", "uuid": "94dff456-efdd-4d6c-9332-798794889e1f", "value": "046ea94cd9c350c2e060c48ae917b6ba194f1ad79d111707cc630a5bb1e03096.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308632", "to_ids": false, "type": "text", "uuid": "8ee9b466-d4ce-4475-a2e1-0ab0ccb5ceb3", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.C!ml\nVT Total Detection:12/72\nFirst Submission:2026-04-20T23:08:28.000000+00:00\nLast Submission:2026-04-20T23:08:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544891", "uuid": "2ac646df-b7a3-4617-86ae-c37e36bc77d9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544890", "to_ids": true, "type": "md5", "uuid": "2f049d3a-8ad5-4c8a-9cd0-aa6302864d92", "value": "a9572d21a0e9fe79e85eaae3cdd92a14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544891", "to_ids": true, "type": "sha1", "uuid": "6aa400f5-e399-4908-9938-db00a5eb47f2", "value": "09e3fb2e363916406d670b1951605c67952eec43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544891", "to_ids": true, "type": "sha256", "uuid": "7b208892-e52e-4b57-aed6-61fb06aa4472", "value": "1d313d369d52d346d5a29ccc248de32ae5481101f45c4198e6c2eff1447a2aa4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308674", "to_ids": true, "type": "ssdeep", "uuid": "b7c34aa6-697d-46dc-9f2e-522df07f256c", "value": "3072:atd4yN6xpAqJQVAvfhxt/rB7ijPGyuIWC+vm//O/2iePL3zfbHsYrXTGWwd51pyQ:+dJkTB4Anh/6XJsl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308674", "to_ids": false, "type": "size-in-bytes", "uuid": "915f4381-5c3b-4545-af33-da823a123e6a", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308674", "to_ids": true, "type": "vhash", "uuid": "127951c9-3a5a-45d4-855a-2065e6b1c6fe", "value": "115066655d155d055048z4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308674", "to_ids": true, "type": "filename", "uuid": "6bcd4f20-8329-4a03-882e-33730b371af5", "value": "1d313d369d52d346d5a29ccc248de32ae5481101f45c4198e6c2eff1447a2aa4.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308674", "to_ids": false, "type": "text", "uuid": "f5310936-5fcf-46cc-89e0-dde21adc6dc7", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:43/71\nFirst Submission:2026-04-21T00:35:35.000000+00:00\nLast Submission:2026-04-21T00:35:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544894", "uuid": "94480103-4c5c-4a3e-b392-f4b64e045c55", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544893", "to_ids": true, "type": "md5", "uuid": "924b003a-b0b6-4df7-aa3c-1e671b7f3cc4", "value": "ab0ea6e1b4ac282b875cd6a94ab852f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544893", "to_ids": true, "type": "sha1", "uuid": "8f09d587-8709-4785-bd6d-05cf973d998c", "value": "8cfce660b86e8d7c992f91bb65895ed5c468e812", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544894", "to_ids": true, "type": "sha256", "uuid": "ccd308c1-8eef-48e1-84e7-3457ae2f3b01", "value": "2568ebc0e9a4464c55c47b2f20fdc6ebb1defdc8d86210cf35b3dd74ce73dea6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308696", "to_ids": true, "type": "ssdeep", "uuid": "da0dde88-2c78-4349-9b57-777ab4ac199e", "value": "1536:uKjZscICeokhYjwemxZVUwdB6LZuDUCxLKGeWTHKSO89u1VYLHTtpwB63VsWGduH:uK1stLHiL5CxIOq0M1VYLHTnwB6UCdA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308696", "to_ids": false, "type": "size-in-bytes", "uuid": "890b4249-e67f-4106-a2f7-f6e1a87c1700", "value": "144896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308696", "to_ids": true, "type": "vhash", "uuid": "23da0d9a-fbbb-4413-baaa-bebd00a00048", "value": "015076655d15551d055038z53nz15za7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308696", "to_ids": true, "type": "filename", "uuid": "23d609cd-ae55-4c7e-adaa-f374ab362b85", "value": "2568ebc0e9a4464c55c47b2f20fdc6ebb1defdc8d86210cf35b3dd74ce73dea6.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308696", "to_ids": false, "type": "text", "uuid": "31e439b9-a3f4-48a4-9fdd-5c8d97d2b3d3", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:30/71\nFirst Submission:2026-04-22T05:25:11.000000+00:00\nLast Submission:2026-04-22T05:25:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544896", "uuid": "b9bdefec-fc2d-49eb-9ac4-922e4ff509f1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544896", "to_ids": true, "type": "md5", "uuid": "830c6304-2070-4058-a393-3529bd59448d", "value": "b07ab5d315021076705f1d552ab15611", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544896", "to_ids": true, "type": "sha1", "uuid": "07f04045-de71-44ae-a76a-672cf43da1f4", "value": "09fc69e721d39bbcf6c947b55f4dfcb93cbdf48d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544896", "to_ids": true, "type": "sha256", "uuid": "a721c0a8-4be7-426d-b282-49e882f5f1c9", "value": "25b9cd7f36c03cf457f67007d1e6ffc571ab853748729517f68f2a603fa65f43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308739", "to_ids": true, "type": "ssdeep", "uuid": "088b1151-095e-4daa-8277-99f60710aabf", "value": "192:HPkLGXZWh/gk71uLojQSjmmzQb9h+XZwrr2aM+x6RNIytCD2WBZF+622Q2hPr:HPxWh/gq1u67zQDOZwDM+QRWyQzT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308739", "to_ids": false, "type": "size-in-bytes", "uuid": "ddb63a3d-b31c-49d6-a652-059adb85a072", "value": "15360" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308739", "to_ids": true, "type": "vhash", "uuid": "67faaf46-5b9f-4861-afc9-95befe9df7ec", "value": "21403655151e0031b90020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308739", "to_ids": true, "type": "filename", "uuid": "07ef574e-caea-4a2f-b86d-c6bae7dbaebc", "value": "TestBeacon_DotNet.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308739", "to_ids": false, "type": "text", "uuid": "00ac6202-b6ba-4cb6-8c03-f1bffcc58e6d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:39/71\nFirst Submission:2026-04-20T22:47:37.000000+00:00\nLast Submission:2026-04-21T06:00:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544899", "uuid": "b0b81c18-0b16-4b1a-ab5c-5c6aafd2ef8d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544898", "to_ids": true, "type": "md5", "uuid": "f3db561c-6a54-4d65-8cff-e17a67eab4b7", "value": "b0b5c1d51041746b4377793072676b90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544898", "to_ids": true, "type": "sha1", "uuid": "c8f9ce96-04e5-49f2-9eaa-9d6233df4ad4", "value": "c4691315e7868a017e5e87e7e4c27755a8e294b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544899", "to_ids": true, "type": "sha256", "uuid": "419841d9-39e4-498c-96b3-e973492be663", "value": "1a08f4781707c147b81afd5f367f63fd2b0ace445511206cf859c89a9d781a29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308761", "to_ids": true, "type": "ssdeep", "uuid": "a4f32ea9-9b28-4676-83dc-8c13dd7a8d34", "value": "384:wSqD9rVoCtQyJxH7Iw7H/YyGGmckVPxIiTrBX3qWLkN:w9D9reJWJIOH/tmckVPxIiTp3B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308761", "to_ids": false, "type": "size-in-bytes", "uuid": "f048fe34-f3f4-4909-a194-17db9cd17601", "value": "18944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308761", "to_ids": true, "type": "vhash", "uuid": "19c56c95-ef57-4f08-bb98-af0d3fcb3100", "value": "1140b76d1515151c051d1048z191mz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308761", "to_ids": true, "type": "filename", "uuid": "03966cf3-1243-4d90-8c59-729508fe08be", "value": "1a08f4781707c147b81afd5f367f63fd2b0ace445511206cf859c89a9d781a29.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308761", "to_ids": false, "type": "text", "uuid": "90fcd185-147e-4399-ba62-9b1bfc74fca4", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:15/71\nFirst Submission:2026-04-20T23:57:57.000000+00:00\nLast Submission:2026-04-22T09:50:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544901", "uuid": "e54cec92-e02f-4b9e-b994-6b7c0562607e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544901", "to_ids": true, "type": "md5", "uuid": "010fd6a1-db07-47fd-abf5-058033be0bc0", "value": "b39c59046edc5d74d806d51d3d02a213", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544901", "to_ids": true, "type": "sha1", "uuid": "8403fb78-58b4-4abe-b9ea-094da2b0d1eb", "value": "8571f618eabd32d3f60f1133aa4c278feb958423", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544901", "to_ids": true, "type": "sha256", "uuid": "6cc53042-cd70-41a9-9463-235ec84dad50", "value": "00d31d04e092ce1f73839aeafaaf695fd1b68e92bf030c92543dd74a979a8a7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308782", "to_ids": true, "type": "ssdeep", "uuid": "f6a5c5da-1367-45df-b1cb-72d67ece955b", "value": "3072:9z14PqjedtveFGdEQbCQWVqdcp/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWCR:wCjI1M9MCQWVmbSM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308782", "to_ids": false, "type": "size-in-bytes", "uuid": "77470caa-fd7e-4d03-8433-6fc9cc6b655d", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308782", "to_ids": true, "type": "vhash", "uuid": "e2dd5526-8032-4aa4-af17-cf8d379ac174", "value": "115066655d155d055018z587z209bz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308782", "to_ids": true, "type": "filename", "uuid": "64ca3a24-a35c-4962-85cc-d4e66999e481", "value": "zya4q2j.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308782", "to_ids": false, "type": "text", "uuid": "24310ca7-677c-4670-8d38-c002b4a5bbd2", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-24T06:14:22.000000+00:00\nLast Submission:2026-04-24T06:14:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544904", "uuid": "9749e316-b2ab-407f-a2f2-581bfa388786", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544903", "to_ids": true, "type": "md5", "uuid": "32e1bf08-05c4-43df-b3ce-abe2a4f89939", "value": "bd3885b094be1ed937b5ce132bcd31e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544904", "to_ids": true, "type": "sha1", "uuid": "6effbf3d-6c1a-4712-b22a-9e1316c2f949", "value": "8d2bcac77c856a278a12509f8cc9cb5d12dc5f27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544904", "to_ids": true, "type": "sha256", "uuid": "15543fb0-bf6d-4184-b21e-76096e93b9c0", "value": "3a4eaeac7fed3f87f58ca0eeade43079b3426b5f1b0f1f16490103179ac69fb9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308804", "to_ids": true, "type": "ssdeep", "uuid": "cb99eefa-c4cd-4d01-87ff-682dfe87dd77", "value": "6144:LNZ7CagDS+zKnk42YKVu8HyAiZw2juruWyA:vC9G1kzvY/hNNA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308804", "to_ids": false, "type": "size-in-bytes", "uuid": "4221b59b-ab64-4c65-a895-f29b0172c6e2", "value": "236050" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308804", "to_ids": true, "type": "vhash", "uuid": "ea69c10c-744e-4921-b5b5-57594c0f198b", "value": "1251376d1515151c051d1az180elz3ez3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308804", "to_ids": true, "type": "filename", "uuid": "ba4d313a-1add-4b16-a055-32ec5572defa", "value": "kr342e.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308804", "to_ids": false, "type": "text", "uuid": "075a6027-890b-4377-8710-cb47a3b666ae", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:28/71\nFirst Submission:2026-04-25T08:10:30.000000+00:00\nLast Submission:2026-04-25T08:10:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544907", "uuid": "9278ea59-f565-4838-9e0d-a5ab1c27030e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544906", "to_ids": true, "type": "md5", "uuid": "0f7e7034-fa98-4cbb-bd18-68f84f6c54e1", "value": "de784b74c6bc426acbafe61711d397b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544906", "to_ids": true, "type": "sha1", "uuid": "ec4e8cde-1839-4d43-a8eb-e1a4505322b9", "value": "fd491feeaa6c88cfd3bf2a52cb3bb50bdf20026e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544907", "to_ids": true, "type": "sha256", "uuid": "4b57a931-0cda-490f-a84a-17a949c8d365", "value": "3535ba5d6ee2950062b9142ccbd3b947a73a620a1d621a5c4434dc66adf25b7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308826", "to_ids": true, "type": "ssdeep", "uuid": "d14a7a5b-7d66-4185-8f4b-8f42c1c51e85", "value": "3072:wRTeXQwDasaAmiTQhAS/xYN0551756565rnIryHk/CXDK:IeXbuFaTcAS/0/C2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308826", "to_ids": false, "type": "size-in-bytes", "uuid": "9f44c728-d02e-43c0-b5c1-8dddc1b0cbdb", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308826", "to_ids": true, "type": "vhash", "uuid": "f2bf5c53-61f5-4117-a53e-55b36a502e93", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308826", "to_ids": true, "type": "filename", "uuid": "4133c6a4-ba77-4fe0-adf3-210389765ac7", "value": "3535ba5d6ee2950062b9142ccbd3b947a73a620a1d621a5c4434dc66adf25b7e.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308826", "to_ids": false, "type": "text", "uuid": "5cf2a975-96a3-4455-901a-bf4d33457bf0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:12:13.000000+00:00\nLast Submission:2026-04-20T23:12:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544909", "uuid": "92aa91e2-e5f4-46a0-9670-1979b800bb35", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544908", "to_ids": true, "type": "md5", "uuid": "a123ea44-1cd2-40a5-bacf-19a655e830cd", "value": "f6556e2fd0b7bda92f6dd089166bb630", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544909", "to_ids": true, "type": "sha1", "uuid": "34a92280-63ed-454f-b6cf-e424cd4ef568", "value": "139875afc0de59d3f80a3f949afc1eee6bd4bedf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544909", "to_ids": true, "type": "sha256", "uuid": "840fe79c-7e33-40c9-a388-3c28935a9572", "value": "25f2ed357ce7ed928f291e6e81ddc17ac0f8f2e4cf0a57fb76e20e501b61da91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308848", "to_ids": true, "type": "ssdeep", "uuid": "37f7a7cd-fbf9-401b-a46c-935785e55be8", "value": "3072:0JTeXQwDasaAmiTQhAS/xYN0251756565rnIryH9/C3zK:seXbuFaTcAS/0m/m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308848", "to_ids": false, "type": "size-in-bytes", "uuid": "7ce0f1f3-0004-4251-9866-eb6be87d33a4", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308848", "to_ids": true, "type": "vhash", "uuid": "5116b71e-6835-4560-b49f-55acfa463751", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308848", "to_ids": true, "type": "filename", "uuid": "c766ba6c-0c8a-4954-84f7-def7a4dba761", "value": "25f2ed357ce7ed928f291e6e81ddc17ac0f8f2e4cf0a57fb76e20e501b61da91.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308848", "to_ids": false, "type": "text", "uuid": "227de26b-f493-4586-a727-0faf1d535e2c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:20:36.000000+00:00\nLast Submission:2026-04-20T23:20:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544912", "uuid": "92f2246c-035f-4e01-955d-3b4b58e174b3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544911", "to_ids": true, "type": "md5", "uuid": "81140c1e-b8d8-4d73-bd6a-6a084dcfcbff", "value": "fad48a931f94ffaf5a969ea9f28bb59c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544911", "to_ids": true, "type": "sha1", "uuid": "65d7e02a-2ec4-497a-a74e-87371e2565b7", "value": "2d9252632ab5a1b2c9089c0276bda5cb6ba46156", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544912", "to_ids": true, "type": "sha256", "uuid": "a0771506-9c12-49c0-b151-5ed3223e0f0a", "value": "19f7e0250094904f5abb1339202ab730c232d05ab88f7d539e0adfbbf77b33e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308870", "to_ids": true, "type": "ssdeep", "uuid": "01f9d095-d945-4a02-a505-d61bca57f097", "value": "3072:vMIFxnPKtpWAePQJA/saq+mvmSOo2iePG3ufWC+vr//T/7nM4L3zm2Q9ZVbq+b2f:0Wnyt4H0A/sd+oAkNL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308870", "to_ids": false, "type": "size-in-bytes", "uuid": "fce95fa0-b717-4bfc-a151-a174e0914176", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308870", "to_ids": true, "type": "vhash", "uuid": "4d85c09a-af5e-4743-8e5c-16ff1fd86cb7", "value": "115066655d155d055az52hz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308870", "to_ids": true, "type": "filename", "uuid": "3ee0a8f9-0ebb-4aea-a283-ffd2646d3217", "value": "19f7e0250094904f5abb1339202ab730c232d05ab88f7d539e0adfbbf77b33e3.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308870", "to_ids": false, "type": "text", "uuid": "6925e6db-224b-416c-9d3f-3c3712dfafed", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-20T22:54:17.000000+00:00\nLast Submission:2026-04-20T22:54:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544914", "uuid": "0a0f2af9-16d6-4152-82c2-88ae6202b6f0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544913", "to_ids": true, "type": "md5", "uuid": "ab39f015-4287-44af-b3b0-ba3d6ba1015a", "value": "ffc6a102f2bc94786d2aee273a1ed53b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544914", "to_ids": true, "type": "sha1", "uuid": "0ad8f93f-e2d2-419b-a0d0-795b85451260", "value": "f8a2e0a5dc0ea6e72ec1a2fa7a552347f24262ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544914", "to_ids": true, "type": "sha256", "uuid": "d98e4211-8cb7-4248-bce6-38964ebb8fa0", "value": "3ae04e79172b744d8f56b3b9256a1427c404afb0621c3436a3e8d42178825d25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308891", "to_ids": true, "type": "ssdeep", "uuid": "9efdf1d5-4e39-4fb8-a68b-425fbe011d84", "value": "49152:+r/GPTFnajrsL+p9Ssnk0BVhZI8V/I9OOqjoyfyHFXHbVIUt5PxRChagvHzA3WfN:+r/kFacnehZI8iYmyfAXmED//S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308891", "to_ids": false, "type": "size-in-bytes", "uuid": "7d27ab0b-90f6-43b4-88f5-ca0f984eb2e6", "value": "6536704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308891", "to_ids": true, "type": "vhash", "uuid": "339bfd6b-9588-4382-98fd-fe7fabb8bda6", "value": "0660b6666d5c0d5d151c0142401006900940f5z80c5z42zbf03cz2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308891", "to_ids": true, "type": "filename", "uuid": "920b7a39-b683-402f-a1ff-f1138c35ade5", "value": "3ae04e79172b744d8f56b3b9256a1427c404afb0621c3436a3e8d42178825d25.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308891", "to_ids": false, "type": "text", "uuid": "7302f0fc-3ce8-47ed-9260-7109678016d3", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:39/71\nFirst Submission:2026-04-20T23:05:35.000000+00:00\nLast Submission:2026-04-20T23:05:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544917", "uuid": "5dcccda7-f2fa-49db-bedd-c287a15efb96", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544916", "to_ids": true, "type": "md5", "uuid": "ecda8bd0-a957-4f05-bf89-3a627fa792b8", "value": "ffd52dffdfb8340a2dda27fcab828fd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544916", "to_ids": true, "type": "sha1", "uuid": "d5b391da-3f8d-4171-b9d8-6321407e2ba9", "value": "232c99c09b04b98ea62e9562454a492ae27099eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544917", "to_ids": true, "type": "sha256", "uuid": "6f150e75-54df-4999-9250-ce4e7960a8c6", "value": "1f97e6b66a3bdcac1b0438d9dbf7b298dcdc57593692f10f354fef9640397817", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777308913", "to_ids": true, "type": "ssdeep", "uuid": "8f9e75ea-3c17-491c-a5c5-a5477d72b111", "value": "3072:jbsjDT7Bvx29xUYuDOH/OhuJw758TEO9niTGq/9O1gyugnB62d:vID3t0UZk/Cgbiz9iwmB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777308913", "to_ids": false, "type": "size-in-bytes", "uuid": "e4737c64-6b07-4f94-b9f2-fbf4a6bec361", "value": "188928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777308913", "to_ids": true, "type": "vhash", "uuid": "9692e1a8-861d-4131-8185-7b2c0e4a4f36", "value": "0150a76d1555555c0d1d1038z3c38fz13z1032z117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777308913", "to_ids": true, "type": "filename", "uuid": "c654c629-3dc2-4a14-9e35-7a792488c4a9", "value": "1f97e6b66a3bdcac1b0438d9dbf7b298dcdc57593692f10f354fef9640397817.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777308913", "to_ids": false, "type": "text", "uuid": "7569155e-524a-439b-8e34-6c30f3e9b3ec", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:52/71\nFirst Submission:2026-04-20T22:43:13.000000+00:00\nLast Submission:2026-04-20T22:43:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544919", "uuid": "be9bf777-0fa1-4e41-9782-53238caf22a3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544919", "to_ids": true, "type": "md5", "uuid": "226d79a1-a8de-46bd-a78a-2b160b6e15ec", "value": "5167a184f1ed22b89872070e6ead7d89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544919", "to_ids": true, "type": "sha1", "uuid": "4c25bf94-43a8-49ff-a4b0-657958325058", "value": "4eec4c94fa468e2450fa3030b446865033be6d0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544919", "to_ids": true, "type": "sha256", "uuid": "2fdba8da-ae43-4fd6-a083-71c08cf2c2ff", "value": "39825ec2d64d0187c76ac8ed8f177ddff0bd1e50f6b95b630beaf897def57bf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309337", "to_ids": true, "type": "ssdeep", "uuid": "fceb62a4-2a77-4b65-a575-358a63637b93", "value": "3072:iMU5V3RNUOiGyAQbnA8i9tvoyfm2GgzskZpgyzfWHDrB7ijPGyuIWCmvVyHXvGO4:xe3bUT+MnA8i7vqTVV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309337", "to_ids": false, "type": "size-in-bytes", "uuid": "fbec4597-c579-45a4-8e2b-c9e696fe0231", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309337", "to_ids": true, "type": "vhash", "uuid": "a453c4c7-3b30-411f-8124-647c57c40902", "value": "115066655d155d055048z517z209bz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309337", "to_ids": true, "type": "filename", "uuid": "ae00e429-610d-4d3f-b051-cf29ae63fc2c", "value": "39825ec2d64d0187c76ac8ed8f177ddff0bd1e50f6b95b630beaf897def57bf5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309337", "to_ids": false, "type": "text", "uuid": "309e06bb-22c6-466b-ae56-c0339d20412c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:42/72\nFirst Submission:2026-01-07T19:20:49.000000+00:00\nLast Submission:2026-01-07T19:20:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544923", "uuid": "e06e7849-56e5-4b3d-b767-9f05590b188a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544921", "to_ids": true, "type": "md5", "uuid": "865ddf5e-525f-450e-a9d0-6fa502bfca9e", "value": "6afcfda831eb767f89c2769e479ca0f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544922", "to_ids": true, "type": "sha1", "uuid": "2a4081cc-5759-4697-a4a6-a6e47f6c4be4", "value": "203c9c6e612d5d3d7ffad48ec950ec503a9468cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544923", "to_ids": true, "type": "sha256", "uuid": "637e59c1-cb3f-4889-9ddc-09db74d184ff", "value": "4ceb6c4ad435d9f6236a90f3659a9939e6375cbd4a1a0573a76d0b7d421eb711", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309400", "to_ids": true, "type": "ssdeep", "uuid": "54abb4fd-b5db-4f71-9250-af89904d3a05", "value": "49152:5kwEoG/oP/Ys2ujd+BWwx+GUcepWJUkhCULp2w5//5+xvGT6lzLo1XfKiK9KvYag:5NiVzgNWlQUUwcDvUbYuEV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309400", "to_ids": false, "type": "size-in-bytes", "uuid": "cecfa3ab-2af9-4358-880a-9f50f5962686", "value": "6432216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309400", "to_ids": true, "type": "vhash", "uuid": "520b1ddb-7dab-4add-b605-df99bf2c8304", "value": "066096655d65551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309400", "to_ids": true, "type": "filename", "uuid": "8667bbf7-3f06-4e16-8dc9-647030c96d38", "value": "mstelemetry.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309400", "to_ids": false, "type": "text", "uuid": "4a13d8fe-30d1-41ba-b02a-898a46f8ff25", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malcert\nVT Total Detection:44/71\nFirst Submission:2026-04-22T01:08:10.000000+00:00\nLast Submission:2026-04-22T01:08:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544925", "uuid": "fe10fee3-9cf3-4755-b6ef-b7b525a61cf2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544924", "to_ids": true, "type": "md5", "uuid": "df94a6c5-b82c-4698-bdf4-c81c4e768010", "value": "edaf22acaf704a7bee0d5a8d0fe53154", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544925", "to_ids": true, "type": "sha1", "uuid": "dc5b01c1-8985-4699-b741-553b3c93d022", "value": "adef8d561d17fc0af36d76eea10e1e7480f0c38e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544925", "to_ids": true, "type": "sha256", "uuid": "284987f2-12dc-4214-bd1b-c9a3bcf6e476", "value": "4eb59190db9df5c7c07f766579500058b1cc99fe5627e3362cee7f775337d465", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309422", "to_ids": true, "type": "ssdeep", "uuid": "34983647-b236-4b85-9695-ea76970f31c0", "value": "3072:4k9MwulKXezak9QbNOkzviKtHAOjzJoyfm2GgzskZpgyzfWHRzT9aiD8V3QPx:4kSAXIMNOkzvhtum" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309422", "to_ids": false, "type": "size-in-bytes", "uuid": "f522b7c6-7b4a-4626-ac9a-59c62f467452", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309422", "to_ids": true, "type": "vhash", "uuid": "a7e3f59e-d1d4-4b9c-902a-ed6cb5e6256d", "value": "115066655d155d055az557z2095z13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309422", "to_ids": true, "type": "filename", "uuid": "85c4bd8f-260d-4dbe-8211-ba7a5d57e9b3", "value": "4eb59190db9df5c7c07f766579500058b1cc99fe5627e3362cee7f775337d465.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309422", "to_ids": false, "type": "text", "uuid": "0a404110-ac08-444e-9021-b8a08bd27cfa", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-20T22:55:34.000000+00:00\nLast Submission:2026-04-20T22:55:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544928", "uuid": "0d2cadd6-7725-461d-bc49-15e6834af5ee", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544927", "to_ids": true, "type": "md5", "uuid": "859672b9-46e0-4c0a-8992-11b3af19a024", "value": "8889c399da6ba57be7e4bc5f2692880f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544927", "to_ids": true, "type": "sha1", "uuid": "08bbc113-7ec4-42a9-9b2d-8c2ea7defb50", "value": "8ab60760567b2263946917c5137d3277f04f188a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544928", "to_ids": true, "type": "sha256", "uuid": "7b4de702-9959-47b8-89ef-bf7a1b4dd037", "value": "5271fde21df8ccd35386cc28647d18abfff93205abae53fc4339769f9867a9ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309444", "to_ids": true, "type": "ssdeep", "uuid": "e702f76d-3b6b-43d8-b52d-0f2a105a91ee", "value": "192:MjIE92g9U2Xz/vNXXLplWZXs3QjpwQkipUDTndOxoBCKsE5wqZSLUu:Mjf9uiFLTWVGcwBipS+eCZMwqZSLUu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309444", "to_ids": false, "type": "size-in-bytes", "uuid": "bf70dc21-e72e-466b-8e4a-b7f3e5b15d4a", "value": "17408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309444", "to_ids": true, "type": "vhash", "uuid": "827d464e-7c25-4fb8-9a74-37a6fefa112a", "value": "1140b76d1515151c051d1az1f0ffz13z11z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309444", "to_ids": true, "type": "filename", "uuid": "9aa523dd-c53b-4570-9f1f-9a072063b56e", "value": "5271fde21df8ccd35386cc28647d18abfff93205abae53fc4339769f9867a9ca.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309444", "to_ids": false, "type": "text", "uuid": "949b9d23-ea12-4c1c-8541-f184ccc5a0b8", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:39/71\nFirst Submission:2026-04-21T00:36:42.000000+00:00\nLast Submission:2026-04-21T00:36:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544930", "uuid": "7947a821-e2be-4b55-acf2-eaa856dbd23b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544930", "to_ids": true, "type": "md5", "uuid": "28369e4e-9cc2-45f7-bb86-41cdd4d01150", "value": "d4422c978088de2387bfcf2a26cf7ada", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544930", "to_ids": true, "type": "sha1", "uuid": "05428913-6490-4539-9cb6-f22e5dc0b783", "value": "2eda04810aea6f6eaaa566d4866cca05610d9e83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544930", "to_ids": true, "type": "sha256", "uuid": "2ee04071-cbdd-4b5e-a15d-88077a3772db", "value": "52dfbbf3639d3f692e54df660a6627e58a0e43c002eef3668e497b1a706fc60b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309466", "to_ids": true, "type": "ssdeep", "uuid": "4dbec8ad-44ec-4780-9e7d-cf4dd3a51fdc", "value": "6144:lqbW97CaMJS+xKnkc2zKVuPHy+iZW2jynXGA:0mC5gXkvOdhHBA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309466", "to_ids": false, "type": "size-in-bytes", "uuid": "30e8dd0e-5b2a-4a05-88a5-175977fc0898", "value": "238113" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309466", "to_ids": true, "type": "vhash", "uuid": "4ec538c0-2bbd-4d92-bb4a-41ed2939e2f9", "value": "1251376d1515151c051d1az180elz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309466", "to_ids": true, "type": "filename", "uuid": "fc415cdb-6725-4088-9d72-8b919fb75dc1", "value": "52dfbbf3639d3f692e54df660a6627e58a0e43c002eef3668e497b1a706fc60b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309466", "to_ids": false, "type": "text", "uuid": "52d9d808-894e-48b5-8350-b1150b303fd9", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:23/72\nFirst Submission:2026-04-20T23:16:01.000000+00:00\nLast Submission:2026-04-20T23:16:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544933", "uuid": "97f475ac-9e5e-4f4c-9a46-1eabb0dade0e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544932", "to_ids": true, "type": "md5", "uuid": "a5dc3871-f38b-4f27-95cb-667b56af9ba6", "value": "610150fb52d22ccb6e7a1dbddc768322", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544933", "to_ids": true, "type": "sha1", "uuid": "ec7858ec-a6d9-4851-9b11-acb1970d8a28", "value": "6affb81c300eb10a90202e380e9fab00bc4bd70e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544933", "to_ids": true, "type": "sha256", "uuid": "e1d50129-b63c-46ca-9f38-a8ae35260819", "value": "551959ee1d62b10e9155b50a29ef3e336dac3c2781309aafbbaced37fc1bdeb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309488", "to_ids": true, "type": "ssdeep", "uuid": "fbf2f073-4114-452f-ba61-512b5600834e", "value": "3072:umsCo8ITrpqZjz0FKUYNVuPoNxPCc1y5+4:lv9ITrSjz0gXuP8Is4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309488", "to_ids": false, "type": "size-in-bytes", "uuid": "6400a09a-6747-452c-ae01-5974461fdc37", "value": "117248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309488", "to_ids": true, "type": "vhash", "uuid": "33f17ef9-0d5e-45ee-b8b4-06e2314b0cc5", "value": "115066655d151d055098z62hz13z51z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309488", "to_ids": true, "type": "filename", "uuid": "1e701525-398f-4c33-a764-6f1364947ded", "value": "551959ee1d62b10e9155b50a29ef3e336dac3c2781309aafbbaced37fc1bdeb4.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309488", "to_ids": false, "type": "text", "uuid": "04f82541-483b-4959-b9a0-f860bf94bfe3", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:28/72\nFirst Submission:2026-04-21T00:41:19.000000+00:00\nLast Submission:2026-04-21T00:41:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544936", "uuid": "039bfd34-b889-49ba-82e9-bb2b31d329fa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544935", "to_ids": true, "type": "md5", "uuid": "5d0c8cda-5b2a-481b-b42f-83d970819ec7", "value": "eefb0f79d5e2ac675d70867b1b612fb1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544936", "to_ids": true, "type": "sha1", "uuid": "88fab816-ac6a-44bd-89ca-ab3785374103", "value": "2b4d025a8723a701d4b54a7900d1b2a5b2a8bd8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544936", "to_ids": true, "type": "sha256", "uuid": "06e47ebc-6d07-478c-ade4-e07a73b5f8a9", "value": "575c5f695f6857181003bf60b92632fe0525b186ab7d3357ba148de3f7ab3409", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309531", "to_ids": true, "type": "ssdeep", "uuid": "0ded8d99-1dfa-4860-b511-f3b1b5b08942", "value": "3072:8R/WBGfzvsiA8GSUQb8wTuckDAtpFrpqpqpvfkTin2mIBFP/:8BwGfjtHaM8wTuFbXmSF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309531", "to_ids": false, "type": "size-in-bytes", "uuid": "1e842d29-3862-442f-8c6e-8ab7688f6305", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309531", "to_ids": true, "type": "vhash", "uuid": "72396c3e-bad2-4a6b-9aec-7a33a90c805d", "value": "115066655d155d055az4fnz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309531", "to_ids": true, "type": "filename", "uuid": "869e2423-ed98-4f23-b6e2-a8b87a469717", "value": "575c5f695f6857181003bf60b92632fe0525b186ab7d3357ba148de3f7ab3409.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309531", "to_ids": false, "type": "text", "uuid": "65dba6cd-be0c-4f12-ba18-a327d34ab3a0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:46/71\nFirst Submission:2026-04-20T22:59:25.000000+00:00\nLast Submission:2026-04-20T22:59:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544939", "uuid": "90306c4b-28ce-4d10-a308-590f43c7dac9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544938", "to_ids": true, "type": "md5", "uuid": "804c1b33-444f-4520-85d6-d53c55c621cf", "value": "94b5bc14076d566fd39ecc6ec289b327", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544938", "to_ids": true, "type": "sha1", "uuid": "2474d1ad-04b9-41ef-94b9-7bc2f4aea023", "value": "96388129e8f51888c34301ff09072b855070d803", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544939", "to_ids": true, "type": "sha256", "uuid": "f580856c-1a30-43e5-8bc4-9420793e8e6a", "value": "5991fdeb3cd1d35a200be41a06ceead3409fc8db84fc7f7a50a8520c8eefbb43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309552", "to_ids": true, "type": "ssdeep", "uuid": "7bb1bad7-8f24-46b5-b243-33d4b453c171", "value": "1536:qScB9VTttTKSMiZkYfON9zs4KnWo4ubJZcvu0m:FM9VTtDlkuaMnWo48JSvu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309552", "to_ids": false, "type": "size-in-bytes", "uuid": "553f7e8d-1e3a-4e3a-9539-1755e5c099ff", "value": "59392" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309552", "to_ids": true, "type": "vhash", "uuid": "adcb1af6-497f-4289-9795-e07f8b62190a", "value": "1540c76d1575151c051d1az1c11lz3ez3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309552", "to_ids": true, "type": "filename", "uuid": "ba9c8fd5-3c74-45ea-aa52-bd1794503158", "value": "Zoom.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309552", "to_ids": false, "type": "text", "uuid": "f2a50074-a5ba-41e6-9ded-19f1aa484d9a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:33/71\nFirst Submission:2026-04-22T07:06:36.000000+00:00\nLast Submission:2026-04-22T07:06:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544941", "uuid": "4210a474-df24-40b8-a540-da1b21be6205", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544941", "to_ids": true, "type": "md5", "uuid": "586d29bb-9ff8-4f3a-8772-72f12233568f", "value": "06793a940bb69dae411944018914d6cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544941", "to_ids": true, "type": "sha1", "uuid": "ff5b8c60-f015-4a89-b033-64138b0171c3", "value": "0af0d2eeadd756ac4b3de846934abd81cadefb72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544941", "to_ids": true, "type": "sha256", "uuid": "12e06aa8-e517-4311-bb33-a599e1d19774", "value": "5a264e98f0e891e94f655581e8beb124a91c869a86aa591d038d5905c2bf6bf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309574", "to_ids": true, "type": "ssdeep", "uuid": "490daff5-d1ef-4502-b048-adcba1245243", "value": "6144:kG27Cao7S+7KnkU2MKVuLHyniZO2jq3HQ:UCdedkH7JijOQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309574", "to_ids": false, "type": "size-in-bytes", "uuid": "a07ccc3c-9797-4c77-a0e3-e7677972b2a9", "value": "237120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309574", "to_ids": true, "type": "vhash", "uuid": "030186c4-d0c3-4ddc-958b-ed944b40f590", "value": "1251375d1515151c051d1az150dlz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309574", "to_ids": true, "type": "filename", "uuid": "1758ceec-3920-484f-a7ae-322423c7b579", "value": "5a264e98f0e891e94f655581e8beb124a91c869a86aa591d038d5905c2bf6bf5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309574", "to_ids": false, "type": "text", "uuid": "823d7b04-569f-42b6-8a37-2da7da81a458", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:28/72\nFirst Submission:2026-04-20T22:56:04.000000+00:00\nLast Submission:2026-04-21T06:11:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544944", "uuid": "e4a5ed9d-9f35-4372-837d-f000dd5202b5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544943", "to_ids": true, "type": "md5", "uuid": "9662636b-fe9a-44ac-9f52-8856c39ef1bd", "value": "2f61708ca7b1f95a6bd0fe8ffc120d21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544943", "to_ids": true, "type": "sha1", "uuid": "20ceacd6-ac38-4f7f-a2ad-d8530bbd3d21", "value": "c91c817e26dd96998b43df0db9d3fd40db1e12cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544944", "to_ids": true, "type": "sha256", "uuid": "93456bf2-bd79-4599-967e-5fdb7a0967b2", "value": "5b07f31b3bf546f4fae2cbf4f0e889deb1ae762795107db975657d094d275f80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309596", "to_ids": true, "type": "ssdeep", "uuid": "315821dd-7558-48cb-b6d3-cb5c2b7877d6", "value": "3072:7nRSDXaufe5GP2Qb6Ac6imeoyfm2GgzskZpgyzfWHDrB7ijPGyuIWCmvVyHfvGOB:MXrfolM6Ac6xgr+m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309596", "to_ids": false, "type": "size-in-bytes", "uuid": "97a35686-0677-4ca4-988d-cd65509abb20", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309596", "to_ids": true, "type": "vhash", "uuid": "4b95fc1a-cf1b-4fd3-a499-798fa5f85077", "value": "115066655d155d055048z517z209bz31z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309596", "to_ids": true, "type": "filename", "uuid": "2764c1a2-8837-426c-a1ff-da1afacfed29", "value": "639mpezz.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309596", "to_ids": false, "type": "text", "uuid": "eb2b6941-cbb8-4adf-b35c-b602af508214", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:47/71\nFirst Submission:2026-04-20T23:18:13.000000+00:00\nLast Submission:2026-04-20T23:18:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544946", "uuid": "eed595e9-c9aa-4a03-a38f-509886edc3f0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544946", "to_ids": true, "type": "md5", "uuid": "02729303-eaa7-46f2-a728-1e3b7f21ea38", "value": "31621d3a99ea676372c88bcc13dcb1f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544946", "to_ids": true, "type": "sha1", "uuid": "141faf25-0cd3-48a0-8f43-60ca2808898c", "value": "1355427fc8c44245460f993e6264ee01399f62e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544946", "to_ids": true, "type": "sha256", "uuid": "2b217b07-7428-45c6-82dd-28e0badf7123", "value": "5b65dcede56b4b78b9a980cb9e6fae7db41722446f98fa041797fdc47e9cfba1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309618", "to_ids": true, "type": "ssdeep", "uuid": "c32cbb8f-7745-4cde-8dc9-beb258f2c88e", "value": "3072:/4eckVPxIiTfVl7xAaAs0S+ttKnkKsT2E3KVu3HyuOiZPzJU2j/XChDi3kVPxIir:17CaAlS+LKnkd2WKVu3Hy3iZa2j/XAOM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309618", "to_ids": false, "type": "size-in-bytes", "uuid": "f51c6032-839d-4fdc-a157-c11fe863b4b4", "value": "243227" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309618", "to_ids": true, "type": "vhash", "uuid": "2eb0c038-4e70-4033-8f26-d1d24432e2c4", "value": "1251376d1515151c051d1az170e5z209bz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309618", "to_ids": true, "type": "filename", "uuid": "74bb4c5d-b951-476a-b49e-823879ccf266", "value": "2fhlq4.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309618", "to_ids": false, "type": "text", "uuid": "163733e1-52ae-4a20-a41d-08cd5770184c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:21/72\nFirst Submission:2026-04-23T08:11:09.000000+00:00\nLast Submission:2026-04-23T08:11:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544949", "uuid": "9e87d742-a45a-44a6-b344-b0790bedf276", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544948", "to_ids": true, "type": "md5", "uuid": "129a10ad-9ada-4ccd-a686-cb752540c7a6", "value": "18f0f6e685d62bc58b77a5aef2a7014a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544949", "to_ids": true, "type": "sha1", "uuid": "050c5244-da76-4617-8e06-fd956d7c2672", "value": "a9256183e4b956bb67713d1411016c0bc2f0ff13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544949", "to_ids": true, "type": "sha256", "uuid": "44760ecd-33fa-45de-b6ee-2d7f576072a1", "value": "5e9fc9981aae9eef2908e773cd66862ba8bb1cfc69fc13ca16ec110221c5ab2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309640", "to_ids": true, "type": "ssdeep", "uuid": "c62ae124-6755-471f-a97d-d7cb692c63ab", "value": "3072:kadsSVIf03Q/GyOQb8Q/yJjG5U0vrXT/7nM4L3zm2Q9ZVbZacTphsrvMWvW:PTV403IwM8Q6Jy5PW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309640", "to_ids": false, "type": "size-in-bytes", "uuid": "e580c0c2-0190-4d3a-8e1f-14e02344c2b3", "value": "104960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309640", "to_ids": true, "type": "vhash", "uuid": "d8b5c1d6-ac98-4176-a1f1-b9d2fe49130e", "value": "115066655d155d055az54nz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309640", "to_ids": true, "type": "filename", "uuid": "cc5bcf76-d8a9-4a46-b593-051f467e7eaf", "value": "5e9fc9981aae9eef2908e773cd66862ba8bb1cfc69fc13ca16ec110221c5ab2b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309640", "to_ids": false, "type": "text", "uuid": "6eb3bfab-4ff8-48c0-b8ac-d924f670057a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:12/72\nFirst Submission:2026-04-20T23:07:22.000000+00:00\nLast Submission:2026-04-20T23:07:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544952", "uuid": "aa9b2c86-37d0-40b7-9f2b-46d212505c4a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544951", "to_ids": true, "type": "md5", "uuid": "5625bb66-8932-4c40-80a5-f82478e9c38d", "value": "6093eb7039c103ec63ad31e9ed606af3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544951", "to_ids": true, "type": "sha1", "uuid": "45f24862-a488-4056-8bae-05e62a8b18b8", "value": "dec7d5acb91ddfd3fb69973a70fa92d941a35d5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544952", "to_ids": true, "type": "sha256", "uuid": "49881696-74fc-4db5-8740-602021247767", "value": "6320afcd8111e22f29952da8a6763f6d85ed1effc643e0e2cb306b83ab677a27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309683", "to_ids": true, "type": "ssdeep", "uuid": "60acbadd-ad91-434f-8807-df0e2bff9778", "value": "3072:5ZMrseK1TY9GjUQb8Ag5TLWMNU0WyF8w:Isz1TmXM8Ag5neqF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309683", "to_ids": false, "type": "size-in-bytes", "uuid": "b8398e98-bd09-4261-8edb-9a9f0b6c1719", "value": "102912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309683", "to_ids": true, "type": "vhash", "uuid": "ac67b611-af08-4c34-a582-4713aec2d54c", "value": "115066655d155d055az4brz4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309683", "to_ids": true, "type": "filename", "uuid": "93380f7d-bcba-4c71-a404-8af3dd94a93d", "value": "6320afcd8111e22f29952da8a6763f6d85ed1effc643e0e2cb306b83ab677a27.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309683", "to_ids": false, "type": "text", "uuid": "16d394bc-3c7e-4ebf-a646-c9cb18d1378e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:41:43.000000+00:00\nLast Submission:2026-04-20T23:41:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544954", "uuid": "dba99b19-785c-4905-9050-62bb72850032", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544954", "to_ids": true, "type": "md5", "uuid": "cc43a521-7a94-46a9-a50a-f1e7415c3f09", "value": "a7c942ab022ada1a21be1ab953afc7cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544954", "to_ids": true, "type": "sha1", "uuid": "3b2006b4-ed1f-41fb-b2de-4e3c709c5678", "value": "a9d10d4fce4fb2f5869c336257e165b34de555e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544954", "to_ids": true, "type": "sha256", "uuid": "fa577a11-3cdf-48dc-b954-0d1c080af89b", "value": "66874e588b8e26569f743417d6d2eaf6e6b159c9add6246c283bfed9926a15d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309747", "to_ids": true, "type": "ssdeep", "uuid": "dd6095e1-3f7b-41a3-908e-b2b90cb0fee8", "value": "1536:VEbzbzAn+MC5RPYg47dcuJuWpsTHXSDatK6GUoyJuqeEUsWAQxdT9dlDHgUx64:C/UDC5WB8Wpg3HK6NooeWQrLdg4z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309747", "to_ids": false, "type": "size-in-bytes", "uuid": "ac91a9c5-c91b-462b-aa53-bd4433dc41b6", "value": "109056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309747", "to_ids": true, "type": "vhash", "uuid": "f66cca6c-59f2-4174-9e29-4aab37231d1a", "value": "115066655d155d055038z5dnz41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309747", "to_ids": true, "type": "filename", "uuid": "a5085c4f-9e5b-4a03-bbde-8328bd9c6e8b", "value": "66874e588b8e26569f743417d6d2eaf6e6b159c9add6246c283bfed9926a15d8_nethost.dll.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309747", "to_ids": false, "type": "text", "uuid": "5fe8f345-80de-4554-9e19-e571e722ecb5", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:46/71\nFirst Submission:2026-04-20T22:53:32.000000+00:00\nLast Submission:2026-04-20T22:53:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544957", "uuid": "e8d78747-0d6d-4bc4-82a5-74f983fbc67f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544956", "to_ids": true, "type": "md5", "uuid": "fce147cf-7c1f-4b9a-8243-f6f57eeecf6e", "value": "40528b3126d69b023c529d1792e93c5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544957", "to_ids": true, "type": "sha1", "uuid": "baa148c4-7b62-4d44-8311-b3bc3416892a", "value": "1e3d6cb54e45da6fbd2f55da5c3666565ad6fe6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544957", "to_ids": true, "type": "sha256", "uuid": "b94e4770-c83f-4663-aa2a-1d581fd7ee96", "value": "67bb238b5588dda629b50ab600b4d3b234dccacad05a1adc53ffe93858a3d2a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309769", "to_ids": true, "type": "ssdeep", "uuid": "56b2bbf9-85e9-4768-a952-8c611afa7f03", "value": "3072:zcTWuVl7xAakt0S+jtKnkRsT2jD3KVuuHycOiZPYfU2jHKso2:zC7CakuS+RKnkK2XKVuuHy9iZH2jHKH2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309769", "to_ids": false, "type": "size-in-bytes", "uuid": "cf16f1f1-3993-4ba6-a79d-a5fae785ee42", "value": "234481" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309769", "to_ids": true, "type": "vhash", "uuid": "23bf2651-ddfe-450d-bbb1-4e52b4a9191f", "value": "1251376d1515151c051d1az150dlz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309769", "to_ids": true, "type": "filename", "uuid": "612e216e-0419-4197-bd6b-e1d3c1d839c2", "value": "67bb238b5588dda629b50ab600b4d3b234dccacad05a1adc53ffe93858a3d2a5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309769", "to_ids": false, "type": "text", "uuid": "2c37bc88-1d05-41ef-9cac-dfa86c1e66bb", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:01:40.000000+00:00\nLast Submission:2026-04-20T23:01:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544960", "uuid": "36100fc0-4acd-4295-a008-5ce6cb193810", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544959", "to_ids": true, "type": "md5", "uuid": "d432ed57-b8d6-41a8-bdb7-40c9f9388a0b", "value": "1108014c89b0cc6d0789b9a022edf8c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544959", "to_ids": true, "type": "sha1", "uuid": "97300f4f-8ad5-4af0-af9f-b7afdf9dfe07", "value": "a16083eceb182ffc143c8ae91d9a4dcdda902709", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544960", "to_ids": true, "type": "sha256", "uuid": "6d689bda-c73e-4159-8502-35adbdcf418c", "value": "68d8be6f50548c59476cfa0a36c083a93128c4b5985ee49a9ce5664ddd0733bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309791", "to_ids": true, "type": "ssdeep", "uuid": "9617118f-76af-449b-9efb-2911e5696bbf", "value": "3072:8rTeXQwDasaAmiTQhAS/xYN0Z51756565rnIryH1/CIUK:qeXbuFaTcAS/0H0R" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309791", "to_ids": false, "type": "size-in-bytes", "uuid": "3a168bb0-b95b-4520-b1e6-cde5eeb3bec6", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309791", "to_ids": true, "type": "vhash", "uuid": "61975430-a789-46c1-ba07-64d4b458ae36", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309791", "to_ids": true, "type": "filename", "uuid": "718c39a8-bed1-4f86-bf11-e3e7066db8d0", "value": "68d8be6f50548c59476cfa0a36c083a93128c4b5985ee49a9ce5664ddd0733bc.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309791", "to_ids": false, "type": "text", "uuid": "5606ed61-800f-429a-a504-174dd8042d4b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:23/72\nFirst Submission:2026-04-20T23:17:36.000000+00:00\nLast Submission:2026-04-20T23:17:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544962", "uuid": "6065c3c8-aece-460a-8b09-98ff37d3b75e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544961", "to_ids": true, "type": "md5", "uuid": "5a148d47-a074-4d0f-a133-38d6e3825309", "value": "fe44df54d8fffefa574d566a233a7831", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544962", "to_ids": true, "type": "sha1", "uuid": "be5e7c40-4df9-420b-a3fd-139be833b06a", "value": "9531c4069b0836987b396cda14f2ce9f296061aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544962", "to_ids": true, "type": "sha256", "uuid": "3a2b3f58-7b81-4315-9706-5f3dda53b710", "value": "6adfc4b725b80846d385b18071973b71181dcfd85eb2be45959a2bdca927a6e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309812", "to_ids": true, "type": "ssdeep", "uuid": "f81a2d37-66c3-405e-ba5a-22df816086d6", "value": "3072:12TeXQwDasaAmiTQhAS/xYN0w51756565rnIryHN/CDcK:yeXbuFaTcAS/0QzZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309812", "to_ids": false, "type": "size-in-bytes", "uuid": "a3c75679-6525-4a2d-8db7-828b0fc2592c", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309812", "to_ids": true, "type": "vhash", "uuid": "d2a7f10d-068f-4963-9e02-df78354469b8", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309812", "to_ids": true, "type": "filename", "uuid": "26f04791-9b97-481c-9ed2-a981871e5b3a", "value": "6adfc4b725b80846d385b18071973b71181dcfd85eb2be45959a2bdca927a6e0.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309812", "to_ids": false, "type": "text", "uuid": "dbc6598e-a326-4483-9169-dfbfb0aaa036", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:08:16.000000+00:00\nLast Submission:2026-04-20T23:08:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544965", "uuid": "756ea9d2-74e2-4e73-af13-796a94c4464a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544964", "to_ids": true, "type": "md5", "uuid": "cbba37a7-d8cd-4237-bba4-7c0a987ef11d", "value": "1641c13295f30b66c9afb3aa43116f47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544964", "to_ids": true, "type": "sha1", "uuid": "b5addd52-4aed-479a-b740-b853f678b8e3", "value": "c345269b616a63332dd8b9ca57a96cacfcb9ead4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544965", "to_ids": true, "type": "sha256", "uuid": "0081a490-558f-4568-b887-0f73ba2859eb", "value": "6ba39c979f3f4daf1e1fadc4b7eb983ea1fb48fa49a5a5325c99afbbede2d289", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309856", "to_ids": true, "type": "ssdeep", "uuid": "45bf43fe-c10e-41e0-b98f-aece41ad9dc5", "value": "3072:5LeTrVwYwnGysQbEATnTz7KJMblIdj9dLRQpu:4ThwYsyMEATnHewu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309856", "to_ids": false, "type": "size-in-bytes", "uuid": "ec9cc792-1124-43e2-9e8c-145039341f71", "value": "103424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309856", "to_ids": true, "type": "vhash", "uuid": "d51b7cea-a5d3-4256-8d3f-d834be45a8f4", "value": "115066655d155d055az4a?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309856", "to_ids": true, "type": "filename", "uuid": "b0dcb089-f799-496e-9092-6350b5a89ca9", "value": "78z1mib.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309856", "to_ids": false, "type": "text", "uuid": "6f15ae8a-d85c-422a-b597-baa96f7ee817", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.C!ml\nVT Total Detection:28/71\nFirst Submission:2026-04-24T05:15:43.000000+00:00\nLast Submission:2026-04-24T05:15:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544968", "uuid": "377adcf8-8c35-41b5-b314-4c77bc3cb380", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544967", "to_ids": true, "type": "md5", "uuid": "9bccac9e-5f79-4570-bd00-7b5462299659", "value": "184cf780e4a953afa344a2534fd04934", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544967", "to_ids": true, "type": "sha1", "uuid": "3ffa3576-a906-4ab3-970f-539592f2a6d7", "value": "522c35de5a74629270152d427f1ee3321242a516", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544968", "to_ids": true, "type": "sha256", "uuid": "f1612f6d-f02f-414f-b09b-b05bedd0f6b4", "value": "70d078e1971a6996688a5da4430b91bb6bc98f29768faed50a3258158cad2b2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309898", "to_ids": true, "type": "ssdeep", "uuid": "5daecce8-3f90-4096-b515-8954088ddbae", "value": "3072:eQkeuUVl7xAac10S+dtKnkQsT2Z3KVuxHy1OiZPWxU2ju6+q:emn7CacGS+bKnkH2NKVuxHy8iZP2ju6T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309898", "to_ids": false, "type": "size-in-bytes", "uuid": "632f4315-e868-4da0-929a-62e1eb118177", "value": "234479" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309898", "to_ids": true, "type": "vhash", "uuid": "661f1d6b-172c-42c4-b0c2-eefcc18f946d", "value": "1251376d1515151c051d1az150dlz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309898", "to_ids": true, "type": "filename", "uuid": "3765b0af-35c8-4a64-949c-0e02ef084451", "value": "70d078e1971a6996688a5da4430b91bb6bc98f29768faed50a3258158cad2b2c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309898", "to_ids": false, "type": "text", "uuid": "6dc894ce-1c4f-4e07-9e20-2d4760aab251", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:28:58.000000+00:00\nLast Submission:2026-04-20T23:28:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544971", "uuid": "9383c038-b73b-4ec8-84f4-ac86ca8da4b2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544970", "to_ids": true, "type": "md5", "uuid": "1e4fa57a-0e31-437b-8a41-fbe9d1ce2c44", "value": "cf5f67cba2423612626b18d9e37b2d00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544970", "to_ids": true, "type": "sha1", "uuid": "bb1db95f-5f2c-474b-99ca-577d671a0662", "value": "d2255ee452a1a6727c0b2e3e471889759771b534", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544971", "to_ids": true, "type": "sha256", "uuid": "84350478-4770-4dde-abd7-e3175a9061cd", "value": "72c06f6eeaee17b5bbf2187dd5e7c1a367e01d249d1bbca2cc9f3eba00399881", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309941", "to_ids": true, "type": "ssdeep", "uuid": "7ec6f8c9-2bc9-46dc-bda3-3b2ac8558ea9", "value": "3072:PI/azEnyFSpckqn/JqCJxSjjuzckVPxIiTRQDol:PIuEyY2n0leCDol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309941", "to_ids": false, "type": "size-in-bytes", "uuid": "f237de51-91ab-4357-9384-314585a69b31", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309941", "to_ids": true, "type": "vhash", "uuid": "005e5607-8861-4d77-b871-719803d06441", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309941", "to_ids": true, "type": "filename", "uuid": "1989a0d0-48dd-4525-ac24-d2bf4c3c91e8", "value": "72c06f6eeaee17b5bbf2187dd5e7c1a367e01d249d1bbca2cc9f3eba00399881.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309941", "to_ids": false, "type": "text", "uuid": "a726dcbc-a3e9-48ae-812d-6c5dfd32a690", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.C!ml\nVT Total Detection:13/72\nFirst Submission:2026-04-20T23:11:07.000000+00:00\nLast Submission:2026-04-20T23:11:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544973", "uuid": "1eb7f1e3-6891-4960-bb1c-139e9e0b7ffc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544972", "to_ids": true, "type": "md5", "uuid": "e89ba2d7-f646-45d8-9ece-caaad30f2a10", "value": "a00d31ca7130d96f25b8f966c617a3ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544972", "to_ids": true, "type": "sha1", "uuid": "2e9a6ea8-40b1-483f-a8ba-8057a21ff376", "value": "5d9ce637030eee2229755ca81efe2986e0e7fb36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544973", "to_ids": true, "type": "sha256", "uuid": "62d13a96-f9fb-4b00-8462-9dd0b919aa3d", "value": "755e321db26998d727d5e356ef511e7cd7dc6d511195e0c829833b4437747916", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309963", "to_ids": true, "type": "ssdeep", "uuid": "4ce198c3-dfb2-4d1d-b13b-8d7c850aec6b", "value": "3072:jxTeXQwDasaAmiTQhAS/xYN0A51756565rnIryHs/CwnK:5eXbuFaTcAS/0sFK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309963", "to_ids": false, "type": "size-in-bytes", "uuid": "647159b3-4ec9-4c2e-8fd9-596ae2844935", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309963", "to_ids": true, "type": "vhash", "uuid": "39adbafa-a52d-402f-83ae-18e06eee6727", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309963", "to_ids": true, "type": "filename", "uuid": "b765c1de-3255-468e-b6a8-1f898d02ee55", "value": "755e321db26998d727d5e356ef511e7cd7dc6d511195e0c829833b4437747916.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309963", "to_ids": false, "type": "text", "uuid": "eb8473e3-6e22-429c-9c03-c512869c1da9", "value": "Type Description: Win32 DLL\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:38/71\nFirst Submission:2026-04-21T00:16:00.000000+00:00\nLast Submission:2026-04-21T00:16:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544975", "uuid": "560c1245-86c3-4072-a0ef-e43777006ff6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544974", "to_ids": true, "type": "md5", "uuid": "bbec0cf6-6867-4889-b568-978e87cd44cc", "value": "64a494c165985dfd33df3fee22f0dc1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544975", "to_ids": true, "type": "sha1", "uuid": "a51b7af3-024f-4b37-8563-16c97a2dc007", "value": "36f9c2cf030a69f75ce38cf939dbaa78046a0683", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544975", "to_ids": true, "type": "sha256", "uuid": "390dd3c0-c1aa-4b38-ad50-a6389d3f34fe", "value": "79691ce6c618034e39dcac49a46e1aeacdf06523f572c8e05bf86fb49bd09a12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777309984", "to_ids": true, "type": "ssdeep", "uuid": "7b5f7458-dbe3-4d3b-8f0d-b0470b5358f3", "value": "3072:y3JyyH55paHQeOl0N1jcpTpIS/GWmATME5JAST/2njLhbC3G1jSzoQsLyckVPxIU:oMi5uHOl0rjcW5QsFk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777309984", "to_ids": false, "type": "size-in-bytes", "uuid": "ede39b29-1c89-4258-842e-ace11f63cebc", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777309984", "to_ids": true, "type": "vhash", "uuid": "e38474ff-2794-4cf2-bfb9-76154d2335e5", "value": "115066655d155d055az57hz13z41z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777309984", "to_ids": true, "type": "filename", "uuid": "a6c6affc-f4a9-4e22-aadb-398b49f26c2b", "value": "79691ce6c618034e39dcac49a46e1aeacdf06523f572c8e05bf86fb49bd09a12.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777309984", "to_ids": false, "type": "text", "uuid": "22072877-afaf-48af-af10-7b7915fbbf5e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:36/71\nFirst Submission:2026-04-21T00:02:44.000000+00:00\nLast Submission:2026-04-21T00:02:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544978", "uuid": "773ecb10-8089-45fe-91a1-85dc647c37dc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544977", "to_ids": true, "type": "md5", "uuid": "993da732-fdb5-4342-ad22-00205b0345df", "value": "48a8f7ad75175fcf911d460da5e7b634", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544978", "to_ids": true, "type": "sha1", "uuid": "ac5acace-092f-4305-9d46-981fbb8dc7ba", "value": "3cda08a02019e1383e47bce2f72fd482d80f80ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544978", "to_ids": true, "type": "sha256", "uuid": "f77191ba-d168-42ca-a435-945c31f8428a", "value": "7aade8fe1559a270306c43a674b80edacf7c4504f41399169e21641ce3639b60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310006", "to_ids": true, "type": "ssdeep", "uuid": "f91bd9a4-3997-4bea-8014-7d005ec780a2", "value": "3072:WyWojhwVu6p0ZdnU/56JL5qdcKltX62qM:l3wMPm56BhKKrM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310006", "to_ids": false, "type": "size-in-bytes", "uuid": "7ac7bb95-32c0-4db0-8e59-ebfdae0b94ae", "value": "116224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310006", "to_ids": true, "type": "vhash", "uuid": "95801a7c-0672-4dac-98b2-d75d2ed237a9", "value": "115066655d155d055088z68z2095z13z5ez8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310006", "to_ids": true, "type": "filename", "uuid": "f4567286-728b-48fc-bc98-c65e13e645c7", "value": "7aade8fe1559a270306c43a674b80edacf7c4504f41399169e21641ce3639b60.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310006", "to_ids": false, "type": "text", "uuid": "1b1abf84-f681-43de-bc99-bc34f5c072f8", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:40/71\nFirst Submission:2026-04-20T23:25:32.000000+00:00\nLast Submission:2026-04-20T23:25:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544981", "uuid": "392216b5-bec1-4db6-a8ff-3c307c023a58", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544980", "to_ids": true, "type": "md5", "uuid": "cc5c3556-df53-482a-b00f-a2eb1dfe0e81", "value": "fe1bbd485177181eb497e666b5d1e551", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544980", "to_ids": true, "type": "sha1", "uuid": "a71d6638-cb4a-4080-9c8e-dd886553e957", "value": "9700fe9bc36f92049c4919cbfafd37daf915f88a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544981", "to_ids": true, "type": "sha256", "uuid": "1246a3ab-dea7-40ec-96b3-84bd9d223355", "value": "7ac78ea5f8cd1abb74458d9e6a29d67fc4c904ac2c6c76c2a33da5f61df8d900", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310028", "to_ids": true, "type": "ssdeep", "uuid": "a3676324-7d85-45e5-a862-c233f1cc770c", "value": "3072:pf7T1KXHpWGeZQb7QuTsWwDvrX8o7njWmAtpFrpqpKp6VIbvetWN:p16HI3M7QuT7JQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310028", "to_ids": false, "type": "size-in-bytes", "uuid": "22c93526-edf6-4a7c-ac9b-2880e3fbb880", "value": "105472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310028", "to_ids": true, "type": "vhash", "uuid": "2f87bed8-3362-4936-ac29-52fd2c4f442d", "value": "115066655d155d055018z56nz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310028", "to_ids": true, "type": "filename", "uuid": "296f4021-2c81-4ef9-b659-59aa63208373", "value": "7ac78ea5f8cd1abb74458d9e6a29d67fc4c904ac2c6c76c2a33da5f61df8d900.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310028", "to_ids": false, "type": "text", "uuid": "a2c261d3-1aca-469a-a926-b170d2fc1745", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:38/71\nFirst Submission:2026-04-20T23:13:40.000000+00:00\nLast Submission:2026-04-20T23:13:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544983", "uuid": "70e452b1-6190-4d30-99d7-1243d41c676a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544983", "to_ids": true, "type": "md5", "uuid": "2d2528e0-3317-447e-9bbb-db1c7432120a", "value": "65e73a3109c3e4587573254173833538", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544983", "to_ids": true, "type": "sha1", "uuid": "e73b0961-e2f7-468d-b2f8-4f112374ae90", "value": "4d02fcaa5c8aba459d38c9fa1b61a99ad6948d59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544983", "to_ids": true, "type": "sha256", "uuid": "cefb0543-e62b-4747-b44b-a1f0747c6cb7", "value": "7bbec88b1318b26b7555a984e8e09245530edcd3ea9904225d32ccb9868a0914", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310049", "to_ids": true, "type": "ssdeep", "uuid": "bdc347b2-6ccd-4cd2-9900-0e66bf40be66", "value": "3072:a/azEnyFSpckqn/JqpJxSjjUTckVPxIiTRQXol:auEyY2n08EiXol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310049", "to_ids": false, "type": "size-in-bytes", "uuid": "c9d05578-9d33-4b67-8bd6-7fafa02a3ff6", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310049", "to_ids": true, "type": "vhash", "uuid": "e121cb41-471f-40aa-bb7c-de3c03f4e163", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310049", "to_ids": true, "type": "filename", "uuid": "08eb2bfa-9a31-4f03-a5db-29c36513c7d1", "value": "ta0ao935.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 26/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310049", "to_ids": false, "type": "text", "uuid": "2330a598-a5a3-4514-ad3c-8a7bfcfc93ef", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:20:54.000000+00:00\nLast Submission:2026-04-20T23:20:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544986", "uuid": "e842c379-602f-4ad5-96c3-35019552fa11", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544985", "to_ids": true, "type": "md5", "uuid": "953a39ec-e957-4e0a-9987-d90851397e3f", "value": "09b8131fed390fa1ef74ea2af35f91f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544986", "to_ids": true, "type": "sha1", "uuid": "0e1c4ae5-d31e-41f5-ada5-2687d788ceff", "value": "862b2f291823b1f7e7bcbdcb869b91b530e68d44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544986", "to_ids": true, "type": "sha256", "uuid": "c94a245e-1bca-4b41-a76c-d58b19f69d3a", "value": "7ebbd673f805dd1f8b8a7a58e81b51c0870a6a62ba09b3460198add11f593a28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310092", "to_ids": true, "type": "ssdeep", "uuid": "4bbb15ec-8236-425f-ae23-18324386bc04", "value": "1536:lVNo5apiHibqNYt2gBv+kIEd0TH0SmqCsNFndjW78EEvsWd3d49dl+tsjZAmxds:cR4qmtM9EdIUBANFnd7E2toUAZAmb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310092", "to_ids": false, "type": "size-in-bytes", "uuid": "83e96eb4-5746-4bab-9066-29fcb6852346", "value": "114176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310092", "to_ids": true, "type": "vhash", "uuid": "e8b19cf4-f856-477d-88d2-e69e3b5c5952", "value": "115066655d151d055088z55hz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310092", "to_ids": true, "type": "filename", "uuid": "748f6d8d-cd04-43e7-95a7-f9be3a0d05f0", "value": "7fp8mqp8.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310092", "to_ids": false, "type": "text", "uuid": "35b028a3-3cb3-4b42-8524-e320ca14681b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:59:03.000000+00:00\nLast Submission:2026-04-20T23:59:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544989", "uuid": "ce9e6118-313a-44aa-9cef-ec52cd397681", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544988", "to_ids": true, "type": "md5", "uuid": "6276f653-e0fe-4483-9a39-27437754d064", "value": "79f7963ba3a2d6b1a37f44ef7efadb2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544988", "to_ids": true, "type": "sha1", "uuid": "26024c07-5648-438a-a94a-b5bdf6c9d2fb", "value": "2ae364980d6d7a4575455b248383fcae36419e2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544989", "to_ids": true, "type": "sha256", "uuid": "7c1018e6-d26e-4d89-8db6-775b1e5b651f", "value": "843f24b6155c6bf363cf16ffa28d26484a4486cdb1658c71c7d2a449d4f3ad23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310156", "to_ids": true, "type": "ssdeep", "uuid": "dfc9dd61-fb32-48c0-a17f-c7620894faf9", "value": "1572864:2wl41lgY+w9QLv1JWYc6UeOtUUGQUT1jdu4BPPuuwT2GOqiB1sr7zjg7ob753oUI:6F4oD0QdGh9PlP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310156", "to_ids": false, "type": "size-in-bytes", "uuid": "a00f7c28-815a-4bfe-b663-a2404f1942bf", "value": "188699440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310156", "to_ids": true, "type": "vhash", "uuid": "117b9969-8852-4b2f-b770-cd84279b6d8e", "value": "0180f6656d556550161d14z1c2zff3z52z143z77z3001f334zc68" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310156", "to_ids": true, "type": "filename", "uuid": "1914c58d-d370-498d-b5e8-4a01dba57176", "value": "Slack.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310156", "to_ids": false, "type": "text", "uuid": "90ef1353-c13f-42f1-ab15-901314ee6e8c", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2024-10-25T13:43:50.000000+00:00\nLast Submission:2025-02-06T05:25:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544991", "uuid": "c38f8c21-5125-4ad4-b2f1-34487d233ab2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544991", "to_ids": true, "type": "md5", "uuid": "15273b96-1e14-440d-a355-86d4733fc337", "value": "841d7343e00f6692d8adfe1707dc89e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544991", "to_ids": true, "type": "sha1", "uuid": "1ff605d2-1a57-47ff-93e6-5764bd716593", "value": "03d3d1edb5025b9422ef8adf47b5f83e641dbc63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544991", "to_ids": true, "type": "sha256", "uuid": "a31ef1d3-3a34-4f18-925f-2c9dd6632583", "value": "86430ead4a692bcb3619729db1009021c6cc267fe62883799ec2e1ff4ce37d88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310221", "to_ids": true, "type": "ssdeep", "uuid": "695d1252-de0e-46f8-ba4e-420db542f94a", "value": "3072:msj//LdmNH9hp5PZFJ94teUx6PvquTnC3yu:3Ld0HXbJ94qRLk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310221", "to_ids": false, "type": "size-in-bytes", "uuid": "45c49220-2811-40ae-a267-7ea8c7d6b6fa", "value": "109568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310221", "to_ids": true, "type": "vhash", "uuid": "435609e0-2317-44c6-a211-4a61f0b5b75c", "value": "115066655d155d055018z5d7z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310221", "to_ids": true, "type": "filename", "uuid": "89eabda6-dbb6-4f45-8050-73b68e05c7bf", "value": "ft22guzm4.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310221", "to_ids": false, "type": "text", "uuid": "d3a62eb7-67f7-4666-814a-87c1f1548b6f", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-20T23:37:51.000000+00:00\nLast Submission:2026-04-20T23:37:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544994", "uuid": "e343899c-df81-46b7-b5b5-6eda6cc63efb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544993", "to_ids": true, "type": "md5", "uuid": "7c89ef6f-8da4-460c-8cd9-2f0e6a521959", "value": "1c38f7abf65f19221e9f8b1bd345e6bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544994", "to_ids": true, "type": "sha1", "uuid": "4e43c7f8-272b-45b1-a730-9e0a7d09651a", "value": "d81b50362c2255c0ac46f3ea894b0f2802372a49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544994", "to_ids": true, "type": "sha256", "uuid": "fb4d82de-ad73-40de-884b-5db8cb09e737", "value": "86e9024c21478f7fa59bf95aef8e7bfb869ed872e8a92e7ca19118df0f74f457", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310242", "to_ids": true, "type": "ssdeep", "uuid": "aeff2685-f767-4e59-9c44-20c61328c4f7", "value": "48:6bITXTyN2yto/vweJtJRZwQ0dCAr9uulPVoqXSfbNtmF:M+I2yWgGj0dCAP9VAzNt6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310242", "to_ids": false, "type": "size-in-bytes", "uuid": "c698e3ee-b65c-430e-998d-1ff058b16406", "value": "4096" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310242", "to_ids": true, "type": "vhash", "uuid": "23a93a3e-22d0-415f-b939-91f4e6609ce3", "value": "2430365515131z11z10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310242", "to_ids": true, "type": "filename", "uuid": "474db9bd-e584-4109-9b2c-61c3755cd2ef", "value": "test_dotnet_payload.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310242", "to_ids": false, "type": "text", "uuid": "aa3dfdaf-0010-4e87-9643-ef5230fefe29", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:39/71\nFirst Submission:2026-04-20T23:34:06.000000+00:00\nLast Submission:2026-04-21T05:59:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544997", "uuid": "8b947dbf-f7d5-4aaa-8d96-047ae78fad96", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544996", "to_ids": true, "type": "md5", "uuid": "2760d241-1d15-4180-a489-c2022a82799e", "value": "293189b67f4cd6b73bf41db4165a1666", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544996", "to_ids": true, "type": "sha1", "uuid": "3e52c701-41d8-4c92-92a6-5422852ce48d", "value": "c28162b54840f1ccabce0a5d28dfd7b4f3cbcda3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544997", "to_ids": true, "type": "sha256", "uuid": "313e8eba-98c6-4c37-a453-32106be388c3", "value": "88644a0bc935c1245bbac2ea662fb24c3e600460a0adbcdd3f3e9f7e941c1287", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310306", "to_ids": true, "type": "ssdeep", "uuid": "806c48f9-2f96-4adb-b678-3e62e6cf1c6b", "value": "1536:FzuUk1TQHWVxYekVYL6rXp/THnS3i2usEUrNdF6JxE+gsWRJdL9dlBODL1QRU+9:IU8UHW0N9XprHEuXoNuJxSjjCDL1Qey" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310306", "to_ids": false, "type": "size-in-bytes", "uuid": "0a6bd833-c93b-48c7-bd5d-48a074bc0ba6", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310306", "to_ids": true, "type": "vhash", "uuid": "31f1ac64-60f4-4f47-b60b-b042516ebf47", "value": "115066655d155d055018z5anz3ez3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310306", "to_ids": true, "type": "filename", "uuid": "45f90556-b760-4e5c-b0c0-659094c5c7fb", "value": "88644a0bc935c1245bbac2ea662fb24c3e600460a0adbcdd3f3e9f7e941c1287.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310306", "to_ids": false, "type": "text", "uuid": "bfefcb39-8e6e-4572-89e0-385cd136fc6a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:48/71\nFirst Submission:2026-04-20T22:42:58.000000+00:00\nLast Submission:2026-04-20T22:42:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779544999", "uuid": "e7bf735a-bfb6-48a8-aac4-a9aa00cda0ca", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779544999", "to_ids": true, "type": "md5", "uuid": "65c7dea3-6240-45d3-8648-fd6178f25e34", "value": "e31b8894be1c970c0c3318cdc2c916c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779544999", "to_ids": true, "type": "sha1", "uuid": "e8b493b6-a72c-4e36-b046-7d3ad73773ab", "value": "4d823f8ddb5d1862c3ba0be9efa3f9f7b572b13a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779544999", "to_ids": true, "type": "sha256", "uuid": "390c6aec-9b58-4770-900d-25558fd098e2", "value": "8b7e06b34f6eb3c496685934bbf39193444f80d4ed6be18681b0e30dd7f04f2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310328", "to_ids": true, "type": "ssdeep", "uuid": "26d88134-2967-4728-a142-9b73c2426713", "value": "3072:IuB0DBVl7xAakG0S+rtKnkFsT2/3KVuHHyjOiZPJHU2jeJTY:In7Cak7S+JKnk+2fKVuHHyCiZy2jeJs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310328", "to_ids": false, "type": "size-in-bytes", "uuid": "b3187db0-6866-4feb-bc3e-61e52b2af40a", "value": "234539" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310328", "to_ids": true, "type": "vhash", "uuid": "5c2f39a4-1a07-48d8-8c3b-ae36646609e5", "value": "1251376d1515151c051d1az150dlz31z4az3" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310328", "to_ids": false, "type": "text", "uuid": "22c745ed-3298-457f-9f2e-be5b2b6a8a65", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Tedy!MTB\nVT Total Detection:35/71\nFirst Submission:2026-04-24T09:10:28.000000+00:00\nLast Submission:2026-04-24T09:10:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545002", "uuid": "0cd7f30b-2781-459a-bdfd-0eec58f06d94", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545001", "to_ids": true, "type": "md5", "uuid": "d2900c4c-22bf-475a-9026-5dec9b302212", "value": "762df055f5a0fcde30e96f0d6b84d6f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545001", "to_ids": true, "type": "sha1", "uuid": "c629cf35-f925-4563-a1d4-9a62f96de508", "value": "9f669e5fca1ae9c2efd505fcd80d1948b2bb79f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545002", "to_ids": true, "type": "sha256", "uuid": "7540eca2-a0e4-43c4-b156-4afa826aabbf", "value": "8c2d451098e847fa5498e3bffc8ddf93cdbc150355a7b6568e0984568eed4faa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310350", "to_ids": true, "type": "ssdeep", "uuid": "63fda7e9-9c65-47af-9a10-201bca37fe16", "value": "1572864:XgRMg/aKxl4b7qCDQtjovZT78wLF2pArKgDz6ObiISXD+Dyj3eRalD2kGpTe/2Hh:ng/geeFXzGa9cz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310350", "to_ids": false, "type": "size-in-bytes", "uuid": "f1af47ce-eff1-4568-8b3f-8b17f743a62d", "value": "176670344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310350", "to_ids": true, "type": "vhash", "uuid": "9875dad5-0138-4e0b-98fb-e4ac7b77e7bf", "value": "0180e6656d556550161d14z152zff3z52z143za7z3001f334zbef" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310350", "to_ids": true, "type": "filename", "uuid": "046979a0-7e97-434d-a25b-ad92a85493c3", "value": "Canva" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310350", "to_ids": false, "type": "text", "uuid": "92222e76-cd76-46b8-8042-5078be042077", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/70\nFirst Submission:2024-10-14T04:23:52.000000+00:00\nLast Submission:2026-02-04T11:41:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545004", "uuid": "b3af8c81-faf9-48f3-a0c7-35589f8829fa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545004", "to_ids": true, "type": "md5", "uuid": "e82c87a8-921e-4e60-b60d-365c5c425ba3", "value": "6b293b2c174471078797bc761e9e85d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545004", "to_ids": true, "type": "sha1", "uuid": "bf44882a-c59a-456f-9d6f-be1e4c12bf70", "value": "7de4694258993ac77066720d981834d571511000", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545004", "to_ids": true, "type": "sha256", "uuid": "bd42bf31-c11e-457a-b919-c430901c12cc", "value": "8cce1ffa9328a8091497964538fd6098a50fd214edbc498f7ec580c711de9d11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310393", "to_ids": true, "type": "ssdeep", "uuid": "226d3a73-f2e2-416d-a299-fca9056afc7d", "value": "49152:ln0ZzBPpE+xOsNWoH8bVd8j+OA/7ZwddK6BfmLTqEIrrJBHZ9B:URE+x/NWXVd8jJEIBB59B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310393", "to_ids": false, "type": "size-in-bytes", "uuid": "3e908ae4-db8b-4b7a-969a-8ba9d3a84a8b", "value": "2980352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310393", "to_ids": true, "type": "vhash", "uuid": "eb97f18b-7ebc-412a-8e6d-f381dead767a", "value": "126096655d1565501d151az66=z34" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310393", "to_ids": true, "type": "filename", "uuid": "ec220a33-b47d-4360-bc77-d6b8276b6cbb", "value": "ffmpeg.dll" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310393", "to_ids": false, "type": "text", "uuid": "26e3f59c-a646-4bbd-bed9-f92b3fee0e3d", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2025-02-13T03:06:18.000000+00:00\nLast Submission:2026-04-22T15:20:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545007", "uuid": "63f5b9f4-e8c5-413f-94d1-c366a6877baa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545006", "to_ids": true, "type": "md5", "uuid": "7e9b5b16-c4ff-4a3d-912a-3f1f7f1ede5e", "value": "9ccf8f481e94c7c8da0e54e709b36850", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545007", "to_ids": true, "type": "sha1", "uuid": "36fc63af-1d47-40f9-aafe-c91408364e1b", "value": "c5325ea076f27b595e9adccd861c95d7fc1ebea8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545007", "to_ids": true, "type": "sha256", "uuid": "c7c3f066-8f23-4381-bceb-4cba7d46ef74", "value": "8cf509a056060ac58ad82cc6696d80efad0b8233f67876e867d567ac220d8bf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310415", "to_ids": true, "type": "ssdeep", "uuid": "ff37cf57-f067-4197-be98-b1b1f5bba41e", "value": "1536:OW5oLmaKZzy32YN2Z/npOjkIkd4THESzEpSEumqxjYUfEEvsWd3d49dlNKjZATu:O8tOno/K9kdkkMPEhqhxE2toD8ZATu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310415", "to_ids": false, "type": "size-in-bytes", "uuid": "dad61a80-35a3-4100-a678-1671e3829a44", "value": "114176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310415", "to_ids": true, "type": "vhash", "uuid": "7a0035f3-7bed-4b22-a160-624b84a178ea", "value": "115066655d151d055088z55hz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310415", "to_ids": true, "type": "filename", "uuid": "25d73b05-f300-4a19-921e-289b1ca12200", "value": "8cf509a056060ac58ad82cc6696d80efad0b8233f67876e867d567ac220d8bf5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310415", "to_ids": false, "type": "text", "uuid": "ec7f4102-c307-477e-abbe-0993ab78d6bd", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:15:25.000000+00:00\nLast Submission:2026-04-20T23:15:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545010", "uuid": "7728dbd2-8d6e-40ac-8beb-5950725e6533", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545009", "to_ids": true, "type": "md5", "uuid": "cb5b20cb-0d6f-48d3-a04c-9b84b2dafb41", "value": "59c1fdb48119dc4ed70f18024e085c26", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545009", "to_ids": true, "type": "sha1", "uuid": "247a6db1-7b23-4eaa-8842-b156fc69fcfd", "value": "e26a5c15c6859924a3cfdb7ab1e751a97da01340", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545010", "to_ids": true, "type": "sha256", "uuid": "bb7a5c1d-571a-47ca-8c36-37008cc32556", "value": "8f8999e7c257aaba1d41c85f6c36f82aaab5397b425c4542c2702fc13ee2f774", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310437", "to_ids": true, "type": "ssdeep", "uuid": "5de18592-4a3a-4e59-9a58-c321539027f1", "value": "3072:4xxd4OwaOQbOnGZAW6YdTpIS/GWmATME5JAST/2njLhbC3G1KSzoQsv1VP:E74b6OnGZR6YbB/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310437", "to_ids": false, "type": "size-in-bytes", "uuid": "62d513b8-5417-434a-9a35-1dc0d85f344a", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310437", "to_ids": true, "type": "vhash", "uuid": "c96f53eb-e98f-4036-b25b-29f545931ceb", "value": "115066655d155d055az57hz13z41z4az8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310437", "to_ids": true, "type": "filename", "uuid": "43fe1f37-38c4-4bbb-99b9-4751fd3ca772", "value": "8f8999e7c257aaba1d41c85f6c36f82aaab5397b425c4542c2702fc13ee2f774.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310437", "to_ids": false, "type": "text", "uuid": "e8843925-e612-4430-95b0-14b917478981", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T22:55:56.000000+00:00\nLast Submission:2026-04-20T22:55:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545012", "uuid": "40c478be-bfdf-4736-be0c-ce27ea4909b6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545011", "to_ids": true, "type": "md5", "uuid": "d510984f-6321-42b2-bde4-688af922bc9b", "value": "a81356be4dd4624a95c35a0d7dc97158", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545012", "to_ids": true, "type": "sha1", "uuid": "ae362880-15d7-41a8-b9e1-8baca30371e8", "value": "b7e941d00a298496a97db05f76dd12a263b8baef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545012", "to_ids": true, "type": "sha256", "uuid": "9589b55f-960c-4e5e-9ad8-03e4754104c5", "value": "908e5a3a5dcac2a6ac5d71a1194f3062e0859b4da01c092b49d9b41dcd25f01c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310459", "to_ids": true, "type": "ssdeep", "uuid": "338d341f-9e99-4b83-8c84-be7b32688573", "value": "3072:585sSVIf03Q/GyOQb8Q/yJjG5U3vrXT/7nM4L3zm2Q9ZVbZacTphsrvRWGC:GPV403IwM8Q6JyklC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310459", "to_ids": false, "type": "size-in-bytes", "uuid": "17596962-5344-4804-9aa7-4749aec82d0f", "value": "104960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310459", "to_ids": true, "type": "vhash", "uuid": "4fedb766-fd2c-4852-b64c-09273b0313fb", "value": "115066655d155d055az54nz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310459", "to_ids": true, "type": "filename", "uuid": "266a2879-7f70-4677-9f7c-f3d7747cf4e7", "value": "908e5a3a5dcac2a6ac5d71a1194f3062e0859b4da01c092b49d9b41dcd25f01c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310459", "to_ids": false, "type": "text", "uuid": "08181d7f-907b-4aab-8747-00237848ed30", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T22:42:53.000000+00:00\nLast Submission:2026-04-20T22:42:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545015", "uuid": "64d26515-4735-49fa-84e9-8ed1c25cf4c9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545014", "to_ids": true, "type": "md5", "uuid": "17692ed0-2458-4454-a42b-33f7751fd133", "value": "7a068c3d87457fc4e295604a1f67a7e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545014", "to_ids": true, "type": "sha1", "uuid": "e27414bf-75b9-49d2-8bd5-e5cb30efbb52", "value": "24a15fd07e12c80dd4dea595273df6d13523f2a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545015", "to_ids": true, "type": "sha256", "uuid": "694ac959-9fa0-4084-bd24-55f2e7d4e908", "value": "924ec74deaa49a093b0137b721546d86008872410a74a45e496a57560f8a2b5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310481", "to_ids": true, "type": "ssdeep", "uuid": "8b7e33c9-830d-4f0f-92fd-46c834688d67", "value": "3072:oC/v/riAfIJGupGCBQbfQMPOGQi/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWU:VvpfSGwDMfQMP5qw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310481", "to_ids": false, "type": "size-in-bytes", "uuid": "1a5c9ce0-69b9-406a-9400-fdd01aa603ed", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310481", "to_ids": true, "type": "vhash", "uuid": "08969e04-2bb8-4839-a219-e5bda215aa0b", "value": "115066655d155d055az567z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310481", "to_ids": true, "type": "filename", "uuid": "b5161aeb-a4a0-4f17-80cf-eeb6bd9ae066", "value": "924ec74deaa49a093b0137b721546d86008872410a74a45e496a57560f8a2b5e.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310481", "to_ids": false, "type": "text", "uuid": "9c224c06-3806-44d4-a1cf-e4ba799b9791", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:13:14.000000+00:00\nLast Submission:2026-04-20T23:13:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545017", "uuid": "ff79e14d-35b6-4963-b43c-c2d82d1c64bc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545017", "to_ids": true, "type": "md5", "uuid": "456771c3-5894-4440-b36c-692dfca12b6a", "value": "35485764901d7e57619965d3600fd37c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545017", "to_ids": true, "type": "sha1", "uuid": "1e51b93b-7d39-46b9-9d25-9728f35aafea", "value": "ff85e2790cf990e0c5bf84abde81906d825442f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545017", "to_ids": true, "type": "sha256", "uuid": "3785a7ef-e478-4cfe-86df-1d4e0adc22c9", "value": "944f915682809176b53242c1ffce0ab9744cd35430cd32aa029fc65873920ee0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310524", "to_ids": true, "type": "ssdeep", "uuid": "842d000b-c3b6-4d1d-8a2e-e7a42bc3b3ee", "value": "3072:UIN/yTQIhGySQbrAHlmh3evmSOo2iePG3ufWC+vr//T/7nM4L3zm2Q9ZVbq+b2+1:b/GQ+EMrAHliANser" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310524", "to_ids": false, "type": "size-in-bytes", "uuid": "bbb2506a-f1b2-4daa-a3f2-4762e321b63b", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310524", "to_ids": true, "type": "vhash", "uuid": "bbae7e1f-b24a-4ab5-a41d-526b4a067c2a", "value": "115066655d155d055az52nz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310524", "to_ids": true, "type": "filename", "uuid": "53a8d70c-3f13-46ad-8f4c-0b0916301064", "value": "944f915682809176b53242c1ffce0ab9744cd35430cd32aa029fc65873920ee0.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310524", "to_ids": false, "type": "text", "uuid": "e1d36a53-783b-4f5c-a708-2f50343904c0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:45:51.000000+00:00\nLast Submission:2026-04-20T23:45:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545020", "uuid": "e3e3a102-9c0d-4089-883f-168600360a81", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545019", "to_ids": true, "type": "md5", "uuid": "746faed6-fe93-48b7-a5dd-7d8db84e8b22", "value": "ac2cffb204e0660dc6e7c8e3061e5098", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545019", "to_ids": true, "type": "sha1", "uuid": "006b6cc4-0b27-4532-8b10-8d35b3d6c4c5", "value": "a3002e4a7a4d5a86c231a73c4ec7a69affef2cdf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545020", "to_ids": true, "type": "sha256", "uuid": "24f87a43-96cb-4e83-b77c-88f21c8750e4", "value": "970496f353acbff4c61487951b1531c53d5c6ac036843e81e32baca1f214b619", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310566", "to_ids": true, "type": "ssdeep", "uuid": "83d77bae-27b0-4410-97a5-3db0f9619cb3", "value": "12288:vl6c5+h8eNS+IsjWe8SHhQF3xDPvbaj4n:v5+GeNSmjOxDPvbaj4n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310566", "to_ids": false, "type": "size-in-bytes", "uuid": "0ace3aea-ed56-452d-8d7a-200aea4eeb23", "value": "790176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310566", "to_ids": true, "type": "vhash", "uuid": "60c6b22e-b865-4e4c-9fa4-b22d9c2b8253", "value": "0751366d155d05551c051038z627z15z8023z21z700177z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310566", "to_ids": true, "type": "filename", "uuid": "6ac8ec0e-a7f2-42fe-92f0-2712b70a4839", "value": "970496f353acbff4c61487951b1531c53d5c6ac036843e81e32baca1f214b619.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310566", "to_ids": false, "type": "text", "uuid": "c74e11fe-3a4f-4f0e-864b-3f7ae3b87800", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:47/71\nFirst Submission:2026-04-20T22:48:43.000000+00:00\nLast Submission:2026-04-20T22:48:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545022", "uuid": "a9f987a6-89c7-43d6-82d8-f58f82a1feb7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545022", "to_ids": true, "type": "md5", "uuid": "d78d1a9f-addc-4f11-8698-8d1ed95290ff", "value": "5013571e104d9dd42ca2d94e81e430f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545022", "to_ids": true, "type": "sha1", "uuid": "ecb392b9-895d-42c8-9f3c-ee8bdf3e31fa", "value": "0e0e2b2f1688b77ebea638aa2e12f6462722fcb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545022", "to_ids": true, "type": "sha256", "uuid": "361ff814-96f1-4300-ab72-9304beeb4857", "value": "9783cdd475c54ec21a035b5035c80329fa14be830c71c7c133de06ed98ad86d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310588", "to_ids": true, "type": "ssdeep", "uuid": "f144f1b2-2ee6-404d-83c9-fa88a7c8944f", "value": "24576:oKkVrHgHx4mYlt+e5N2lWByqwSFg9NJo7thp9clBb2:Huri4LltP5NSn9NJIclBC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310588", "to_ids": false, "type": "size-in-bytes", "uuid": "b62a4168-21f6-4cbb-854e-a3282749c649", "value": "2379576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310588", "to_ids": true, "type": "vhash", "uuid": "07246de0-86f1-4911-9bf0-4749f70a6cf2", "value": "026086655d15551d0555514z12zc8z60203021z403001d3z36z11z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310588", "to_ids": true, "type": "filename", "uuid": "ea54d93b-154f-4978-bd82-9d179efc253d", "value": "Zoom" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310588", "to_ids": false, "type": "text", "uuid": "23e4e0b3-2650-4c42-ad14-55af87371a90", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2024-11-18T08:31:26.000000+00:00\nLast Submission:2026-04-22T15:19:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545025", "uuid": "c5ac9e37-e138-41ba-81b6-a84760d31fc4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545024", "to_ids": true, "type": "md5", "uuid": "5c0cb9b6-1bc1-4bd3-b7ab-2045d37114fb", "value": "f9af1a39dc368e0c83877d78a6c9eac9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545025", "to_ids": true, "type": "sha1", "uuid": "897e088f-11ba-4ca3-92b9-292d3aa7d9bd", "value": "34958b72c58471cf5b9f8126fd17b0b952905f83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545025", "to_ids": true, "type": "sha256", "uuid": "ceabe4a2-b8e1-42ad-bc5c-31f933f285f9", "value": "97ee55f9829b73bd5ddaf8766ca6f9c280512f99b0f7031f5bc0850413bd7a68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310610", "to_ids": true, "type": "ssdeep", "uuid": "6d0945e0-5af2-4015-925b-a5f26361beea", "value": "49152:vo4J8C121UxEjjfXYOB/yOW+SfePkVvGzVKhxy1yTjQVCU5/kJpw5ddj02bO/Bkg:rJgAOR1W+O51xQyTjQVCU5/kJco6g" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310610", "to_ids": false, "type": "size-in-bytes", "uuid": "772efd24-d36a-453c-92c0-d293f4041ba6", "value": "2455488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310610", "to_ids": true, "type": "vhash", "uuid": "94e2ac0c-41f2-4104-9c2a-ff9b8a61ed70", "value": "1260b6655d156515501d1az69=z36" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310610", "to_ids": true, "type": "filename", "uuid": "be8b2cf1-bde6-4b3e-8b5e-a08cdbfaf397", "value": "97ee55f9829b73bd5ddaf8766ca6f9c280512f99b0f7031f5bc0850413bd7a68.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310610", "to_ids": false, "type": "text", "uuid": "1d45cc40-5e53-4229-bb8e-136a6f9abbaf", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2022-12-20T19:10:11.000000+00:00\nLast Submission:2026-04-22T15:20:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545028", "uuid": "d3d011b0-65ce-48a5-b068-7e49af27fd7d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545027", "to_ids": true, "type": "md5", "uuid": "c067e0a7-4f7d-4911-afbf-0c104a0c8e35", "value": "a86dd0525a1369e638e0c5111791dc16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545027", "to_ids": true, "type": "sha1", "uuid": "1c236529-8695-4048-9475-31cd02dd50d7", "value": "e9ed4027e023af46123588bb557c072076a7086b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545028", "to_ids": true, "type": "sha256", "uuid": "13cda66b-d65c-4ac6-8417-a2beb0b94ccb", "value": "9ad6d3dd940f376a2da712137845c9da74ebae0f2d96e6d56f91d40b62e9e685", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310654", "to_ids": true, "type": "ssdeep", "uuid": "a61e482c-28f2-4498-8b73-915c9ff53777", "value": "1572864:ZEo4nNTzsw9k5hghxQkRl6MgBAqfxhT9Lqk1hAwVuWfiPg9FUydskWFT6xGk+ksd:wnMvUl8x9NoR5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310654", "to_ids": false, "type": "size-in-bytes", "uuid": "f7d7b85d-767b-48f1-804d-46d88367cb99", "value": "186817400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310654", "to_ids": true, "type": "vhash", "uuid": "8ae9c8c2-bd26-4f2c-ae77-d525f9aa311b", "value": "018106656d156550161d14z1c2zff3z52z143z77z3001f334zc56" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310654", "to_ids": true, "type": "filename", "uuid": "afe2a893-ac8e-4155-a4b7-c8b31e5bedb9", "value": "Discord.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310654", "to_ids": false, "type": "text", "uuid": "6e56cf07-da60-455f-b8f9-2bfd187bd8e0", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2024-11-04T20:31:17.000000+00:00\nLast Submission:2025-04-05T09:15:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545030", "uuid": "68983810-e1fb-441f-9e6e-38bb30b21dda", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545029", "to_ids": true, "type": "md5", "uuid": "423749d5-cf4b-44d8-a934-3349ee03264f", "value": "a0695750cc3e82c49c7b33049e07e0b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545030", "to_ids": true, "type": "sha1", "uuid": "0a7247fd-2f03-4c63-ba8f-9acf6c27d81d", "value": "2f188aad6f664c6290e9c2bc6ea19fced4d26f79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545030", "to_ids": true, "type": "sha256", "uuid": "9d332ab2-5908-4aee-8139-675575cfc27c", "value": "a071cb93a7e151f23227e0f45c66f1f47431ed981608790c4f30b664f02ea3d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310718", "to_ids": true, "type": "ssdeep", "uuid": "40826313-d668-41ea-90fa-e3d3f075c5df", "value": "3072:doUuUp3i2PbGuIQb6A8b+ICATME5JAC/T/2njLhbCDvmSOo2iePG3ufWC+vrXT/q:aUZi2zmM6A8bf7u4K" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310718", "to_ids": false, "type": "size-in-bytes", "uuid": "a67a50fe-4400-4296-b7e2-03b9378bcdc9", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310718", "to_ids": true, "type": "vhash", "uuid": "f089be4d-060b-4fda-924d-cd0c3527b150", "value": "115066655d155d055az517z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310718", "to_ids": true, "type": "filename", "uuid": "5927f5b5-8354-400b-9149-937973b4b92f", "value": "a071cb93a7e151f23227e0f45c66f1f47431ed981608790c4f30b664f02ea3d7.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310718", "to_ids": false, "type": "text", "uuid": "1e82c074-fbbd-44a7-9063-4d2cafea3031", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:14:20.000000+00:00\nLast Submission:2026-04-20T23:14:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545033", "uuid": "17cd041c-ebb6-4c1e-821a-05eb3212f495", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545032", "to_ids": true, "type": "md5", "uuid": "08de671f-40a9-4a19-b4a7-33b9b6e915e9", "value": "2e6a753ad93ace4757b30ada20a6cfa8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545032", "to_ids": true, "type": "sha1", "uuid": "bb671c45-7e92-42bc-9b3e-9f011469f8df", "value": "42df2ea3288f47ed33c8ba8e0629dc2782240f56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545033", "to_ids": true, "type": "sha256", "uuid": "f04b919a-2c31-42a8-a2b0-3c3a290ef42a", "value": "a09d2266fc33a6806ec7cd693ce07acf38f7cb74751299ad8da8aa7d0b8b76ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310740", "to_ids": true, "type": "ssdeep", "uuid": "cfc5e1bb-5561-470e-a9d6-7dd6b661e3e3", "value": "3072:i/AwoPt0PRG7nQbwAwZDuf+0PpgqgOAFw:yol0pAMwAwZS/Qh+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310740", "to_ids": false, "type": "size-in-bytes", "uuid": "1532fbab-1de2-4912-9481-669e91570f2c", "value": "102912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310740", "to_ids": true, "type": "vhash", "uuid": "f5923d86-8283-498e-b5a0-8fdc9cc5caa1", "value": "115066655d155d055az49?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310740", "to_ids": true, "type": "filename", "uuid": "458b20a0-8540-4284-ba1b-0abac4e4f7fa", "value": "a09d2266fc33a6806ec7cd693ce07acf38f7cb74751299ad8da8aa7d0b8b76ed.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310740", "to_ids": false, "type": "text", "uuid": "ef433134-c41d-4338-8db6-70a13423a1f1", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-20T22:36:57.000000+00:00\nLast Submission:2026-04-20T22:36:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545035", "uuid": "dc61bdca-68a4-4f91-b8fa-cd58419fd60f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545035", "to_ids": true, "type": "md5", "uuid": "51232fa6-dd6a-41f6-b97d-b332116a6a99", "value": "dc223032a7e44ff5e40120a22d6ed298", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545035", "to_ids": true, "type": "sha1", "uuid": "c19c8a13-de00-4b2a-99ae-feb42667d75e", "value": "320fc181d10de88142df271a6c319a1b742ba83d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545035", "to_ids": true, "type": "sha256", "uuid": "52fc994c-b080-4b9b-ac3f-ef74d4a10435", "value": "a0e7660fe975889b9cd7f333e79affab8c9e58e2e677e66588cc33478f34f787", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310783", "to_ids": true, "type": "ssdeep", "uuid": "2d647749-7c59-494d-9ea6-6507f12ce233", "value": "3072:VJuaAAjfxOAGQQiAPePBAH51756565rDIryHtmckVPxIiT7DYF:H1AAfoYfAPeZAsmUYF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310783", "to_ids": false, "type": "size-in-bytes", "uuid": "76d44296-589c-4d44-875b-c409ba41b25d", "value": "104960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310783", "to_ids": true, "type": "vhash", "uuid": "775af006-951e-41bb-8db7-423bd503503f", "value": "115066655d155d055az4enz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310783", "to_ids": true, "type": "filename", "uuid": "4f701be9-602d-4234-a277-881a22a0e405", "value": "a0e7660fe975889b9cd7f333e79affab8c9e58e2e677e66588cc33478f34f787.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310783", "to_ids": false, "type": "text", "uuid": "5be3275f-2ddb-4a2a-959c-5b6179f6092c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:15/72\nFirst Submission:2026-04-20T23:05:09.000000+00:00\nLast Submission:2026-04-20T23:05:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545038", "uuid": "50b3ab87-49ac-477f-a5c9-edb94efe73fe", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545037", "to_ids": true, "type": "md5", "uuid": "754ade5f-9af3-4cf7-9cde-cc7cb603be87", "value": "428ae39c3dca3ced630b041003f70220", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545038", "to_ids": true, "type": "sha1", "uuid": "6064c6db-2f96-4e37-9cd1-9d7559341c18", "value": "27bd025b4d78c00fac105b4ca56d7ba6cc899359", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545038", "to_ids": true, "type": "sha256", "uuid": "265d2777-f8c4-455b-983f-11876a0fb97b", "value": "a1d756d36217004315e38ad797ddee0e8475673d18eaa4c5df6c1c98220d0d7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310804", "to_ids": true, "type": "ssdeep", "uuid": "aadb3be0-4374-47fb-85b5-596624d659e8", "value": "3072:KvBGrVNNR2AJNQKAfRAtDvrXT/7nM4L3zm2Q9ZVbZacTShsrHTBRjtd:2G5HoqXAfRY8RRx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310804", "to_ids": false, "type": "size-in-bytes", "uuid": "ffbc6018-c7d5-4b05-a954-38182291f1a6", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310804", "to_ids": true, "type": "vhash", "uuid": "2737351b-4791-4843-95b9-dccdd9216dd8", "value": "115066655d155d055048z4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310804", "to_ids": true, "type": "filename", "uuid": "d4907412-9011-4749-b183-0aac213d4a76", "value": "a1d756d36217004315e38ad797ddee0e8475673d18eaa4c5df6c1c98220d0d7c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310804", "to_ids": false, "type": "text", "uuid": "4331cdd3-c78a-45f3-a32c-4c42f807a049", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545041", "uuid": "e4a44649-b9c5-4169-ab7f-440ac0466863", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545040", "to_ids": true, "type": "md5", "uuid": "245324f5-bced-4587-aaf2-0593f3be4e22", "value": "c13bef7c1e0a41871f9a298c2354c52b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545040", "to_ids": true, "type": "sha1", "uuid": "582e4127-203f-4e9f-86f1-b5ce24f52693", "value": "3d493f77bab9cb0ed4d21e1fbf0d82fb92467c5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545041", "to_ids": true, "type": "sha256", "uuid": "07686ea3-6c57-4d8e-a9d9-04d439bf9089", "value": "a2ab9dbc0401a247f8c116558e6939aa054de57febcf4d7aacfe8f7e9e6c48f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310826", "to_ids": true, "type": "ssdeep", "uuid": "c9060136-54cf-4cf9-9abf-455e7035087f", "value": "3072:SEGVriAfIJGupGCBQbfQMPOGQe/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWCe:YfSGwDMfQMP5eW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310826", "to_ids": false, "type": "size-in-bytes", "uuid": "04a12c99-c0f6-4a2b-8f2a-7162bcaaa2f3", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310826", "to_ids": true, "type": "vhash", "uuid": "308e9b5e-902d-4ef0-96e5-f23b6574a344", "value": "115066655d155d055az567z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310826", "to_ids": true, "type": "filename", "uuid": "f64fdd54-b3d2-4247-bf3a-403302e46a06", "value": "klsyp5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310826", "to_ids": false, "type": "text", "uuid": "3dccbc83-5ea9-442a-a976-f0a737f1464e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:34/71\nFirst Submission:2026-04-24T06:14:21.000000+00:00\nLast Submission:2026-04-24T06:14:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545043", "uuid": "36f20825-c062-4b6f-b6ce-2518a5ccefcd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545043", "to_ids": true, "type": "md5", "uuid": "bc9989ee-8856-41dc-a282-7e727fe1541a", "value": "c5149a9dc7d745e85685b26fbf0e9e87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545043", "to_ids": true, "type": "sha1", "uuid": "ed010d96-4ca3-409c-a366-5f8b557cba9d", "value": "d59a9b4064e383f290fd82ad841a4bb372f823e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545043", "to_ids": true, "type": "sha256", "uuid": "7d145e7e-1270-48cf-99ef-c43a7478fdeb", "value": "a2e4fba0b8898d4b5ae98334633bbfc201cc22795479019bb74fe372da8e070c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310848", "to_ids": true, "type": "ssdeep", "uuid": "d74d7738-5d5b-42f4-a715-9d8c7823a1ce", "value": "3072:VRTeXQwDasaAmiTQhAS/xYN0951756565rnIryHY/CCjK:zeXbuFaTcAS/03vW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310848", "to_ids": false, "type": "size-in-bytes", "uuid": "57cf5fcd-5898-4317-b345-b79aadf35b2b", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310848", "to_ids": true, "type": "vhash", "uuid": "b4171202-85d4-409c-8613-70aac25a1ed3", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310848", "to_ids": true, "type": "filename", "uuid": "ffbecb1b-30b8-4cdf-9b8d-7791fee4ee38", "value": "a2e4fba0b8898d4b5ae98334633bbfc201cc22795479019bb74fe372da8e070c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310848", "to_ids": false, "type": "text", "uuid": "e2144e7c-c80e-464b-97da-f46433c0f7d9", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545046", "uuid": "97425a07-5d4e-4455-9815-f25949a1ebdb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545045", "to_ids": true, "type": "md5", "uuid": "66576089-e5cb-4593-b85d-2a2d0e3dd4f7", "value": "eac787c3cbbe8bc99969284922798ab8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545046", "to_ids": true, "type": "sha1", "uuid": "949e1a9d-07ba-4d3f-b375-92e2d11e910b", "value": "8fe73336aaa832a552d2476432d21d73f5b027d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545046", "to_ids": true, "type": "sha256", "uuid": "61645222-869f-41ce-9f7c-3f1612855d73", "value": "a382e94c77e0c29a1e36b816d68030966446ea154026731d576a93c80caa0420", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310869", "to_ids": true, "type": "ssdeep", "uuid": "e0939bd9-2264-401c-aa6b-eed94c33881e", "value": "6144:aKLGDdIXdRqpuL3OGaj52Gx1i3AGBd18wpArwPCUEGK6VcApGz8:jLGKXdkpuCGAM3AsHfKrwPhlcAM8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310869", "to_ids": false, "type": "size-in-bytes", "uuid": "0412618a-d94b-4d0d-b38d-029d7d52fd94", "value": "546832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310869", "to_ids": true, "type": "vhash", "uuid": "2b9cfc2c-56b7-42ec-9669-521f84b2869c", "value": "055066655d5555555383z32z767zb031zd010e12001303012z525z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310869", "to_ids": true, "type": "filename", "uuid": "81200aee-06be-4d23-a2ee-03efa66b6735", "value": "Microsoft.SharePoint.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310869", "to_ids": false, "type": "text", "uuid": "e483938f-a4a6-4197-94d9-cd385f961e85", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2024-02-03T07:40:46.000000+00:00\nLast Submission:2026-04-22T15:19:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545049", "uuid": "b9b5501e-eafd-4894-92fb-756249a0e379", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545048", "to_ids": true, "type": "md5", "uuid": "8d6e29eb-f8e0-4daf-bd41-8d45cf2b27ed", "value": "cb6294c6c19cdb7f35930b2569415159", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545048", "to_ids": true, "type": "sha1", "uuid": "df1df84d-941a-414b-b47f-2e41bedb7035", "value": "9d01b30b4e235c918e6148d7bab7bb84553b2a6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545049", "to_ids": true, "type": "sha256", "uuid": "dab6429d-f5f4-4153-a907-4129f9f5dc0f", "value": "a4b590be9e9c39b328b69285182e9b0c1dc742d8df854a147bf709a2b74b15c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310891", "to_ids": true, "type": "ssdeep", "uuid": "7a6dd414-3e8f-4d09-96c2-6698e412063d", "value": "384:p40D9pNoFOyxS9ozwrtw8dlk1/mckVPxIiTgALMyl:p4A9DuOoSKzo9ImckVPxIiTJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310891", "to_ids": false, "type": "size-in-bytes", "uuid": "5b7ac1d8-5d01-42e3-8754-370b0354b0dc", "value": "17408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310891", "to_ids": true, "type": "vhash", "uuid": "1e6aa019-21e3-44de-a92b-0fe939c8d080", "value": "1140b76d1515151c051d1az140elz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310891", "to_ids": true, "type": "filename", "uuid": "33e0c962-e32c-48c3-b7d8-c8120ae45c2f", "value": "a4b590be9e9c39b328b69285182e9b0c1dc742d8df854a147bf709a2b74b15c6.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310891", "to_ids": false, "type": "text", "uuid": "00e08320-f76b-4f4d-9c86-7a821506d9cc", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:30/72\nFirst Submission:2026-04-20T22:53:58.000000+00:00\nLast Submission:2026-04-20T22:53:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545051", "uuid": "15d8d62d-516c-446d-bb3b-39dd4dae21fd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545050", "to_ids": true, "type": "md5", "uuid": "0ffc7bb9-73f5-4494-b47a-45f68530869a", "value": "2058818e377aec2f1074c4114f4ff34e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545051", "to_ids": true, "type": "sha1", "uuid": "6ae52477-dbd5-4a45-9aad-0e83cf751d80", "value": "77b2c777f35c4a5af83cbe63ec0afd07e07531ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545051", "to_ids": true, "type": "sha256", "uuid": "6ac53522-8524-485f-bb7c-b12c6b6bc715", "value": "a4d6225e5d17d86d97e286ca6ebd1c49a5dc24e8a43902fbab172ab3c33a0d5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310914", "to_ids": true, "type": "ssdeep", "uuid": "9000ae17-b8e9-45da-bb4c-b709760fb820", "value": "3072:rdw50aYcaKf0duwCqeYKhXHBEVJsxSDb3CT:y5FY60M3Ya+9jc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310914", "to_ids": false, "type": "size-in-bytes", "uuid": "73f60d39-3732-4e66-bd78-16b6686ea407", "value": "113152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310914", "to_ids": true, "type": "vhash", "uuid": "1cd2389b-1c01-4f16-a5c9-6ffc5efc70ee", "value": "115066655d151d055088z58hz13z5ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310914", "to_ids": true, "type": "filename", "uuid": "80e08497-6d89-4ecd-88f1-49725b3bcf43", "value": "a4d6225e5d17d86d97e286ca6ebd1c49a5dc24e8a43902fbab172ab3c33a0d5e.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310914", "to_ids": false, "type": "text", "uuid": "48b4745e-d842-4cc3-97a7-767f8c7b9ba0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:47/71\nFirst Submission:2026-04-20T23:39:01.000000+00:00\nLast Submission:2026-04-20T23:39:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545054", "uuid": "e7014e91-d756-4087-815a-b771bf6fc78f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545053", "to_ids": true, "type": "md5", "uuid": "6535195c-d6ae-4952-aead-2482bb3608b4", "value": "5a10ba1c404234ccd17d0e32f7a35790", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545053", "to_ids": true, "type": "sha1", "uuid": "41b37ea9-84c4-4b64-b64c-c1058ff489af", "value": "65fa0bb18e4b4ab01825a62b9071d3b8d6223b64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545054", "to_ids": true, "type": "sha256", "uuid": "87e38ac4-8a5d-474c-aed8-620e82f50788", "value": "a7bc193aea3959a2febbbb613f5954549159f589e5553fc1298ea2a0b7660599", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310935", "to_ids": true, "type": "ssdeep", "uuid": "ecb74296-c744-444e-8565-473bd974d249", "value": "1536:o6KBS9xRYrUZIPVaqn6+4x/1N2SIEmHwmckVPxIiTb:6BAxU9P8o3ckVPxIiTb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310935", "to_ids": false, "type": "size-in-bytes", "uuid": "8698ccaf-ddf5-4fe4-a4e9-ee57e0d87d95", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310935", "to_ids": true, "type": "vhash", "uuid": "712ad1e0-4af3-46ab-9561-6125115cf718", "value": "1640c76d1575151c051d1az1511lz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310935", "to_ids": true, "type": "filename", "uuid": "c3ea63e5-7565-4d57-ac18-1c185631ed02", "value": "CCleaner.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310935", "to_ids": false, "type": "text", "uuid": "6c045da7-071a-48db-9e5b-af845c18b1fb", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:17/72\nFirst Submission:2026-04-20T22:48:57.000000+00:00\nLast Submission:2026-04-22T07:08:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545056", "uuid": "f3c60b70-1bb1-47d9-aaef-71fb4305420d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545056", "to_ids": true, "type": "md5", "uuid": "95254e03-774c-4961-ac3d-316b41bc6cd5", "value": "2b5bf21336d7dfc4b69c3b8ae206479c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545056", "to_ids": true, "type": "sha1", "uuid": "79e02477-d1f0-4cd6-bd48-8fd2b3a0878e", "value": "89db78a84a77863cedd5cf2bc649c9458ed91d34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545056", "to_ids": true, "type": "sha256", "uuid": "dbc88576-f26c-4331-b542-021264686d11", "value": "aaea6c2278b089f8ea55e7c87f542468dced97af10fcc83da7443cd779948a59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777310957", "to_ids": true, "type": "ssdeep", "uuid": "059a0b02-2d7d-475b-b9c3-fa42527710c5", "value": "384:xSo79mrSx+j3pHcqh0ejqfn7wuMH+y1NKsm3FAL7ss:xP98Sx+rpH9iejqv7pMeZy7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777310957", "to_ids": false, "type": "size-in-bytes", "uuid": "3ed6d369-d5b8-4a74-9b0e-e570d57ada56", "value": "21504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777310957", "to_ids": true, "type": "vhash", "uuid": "40150e2c-6ed1-4143-94f4-69635778100b", "value": "1240b76d1515151c051d1088z1d14fz13z5ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777310957", "to_ids": true, "type": "filename", "uuid": "948153c8-d31b-4a0f-a5af-a4b901f7cf0c", "value": "aaea6c2278b089f8ea55e7c87f542468dced97af10fcc83da7443cd779948a59.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777310957", "to_ids": false, "type": "text", "uuid": "bf301bc5-8548-426e-ab69-e5cb4392e20c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:35/71\nFirst Submission:2026-04-20T23:08:03.000000+00:00\nLast Submission:2026-04-20T23:08:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545059", "uuid": "873fa6b0-4b40-498f-abcb-0759f9b40f16", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545058", "to_ids": true, "type": "md5", "uuid": "b6c57365-ba54-4e77-a62b-ba19d8d5ebd4", "value": "f7a3ee7e4c0d03aa6c03fdc291191691", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545059", "to_ids": true, "type": "sha1", "uuid": "cec2640c-503b-4076-b50d-5fabb83455ce", "value": "ec803117594f93d6900d4b1bc9ea2819528c7ec1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545059", "to_ids": true, "type": "sha256", "uuid": "85a743e9-4013-4922-b7ac-959f20fcfb1e", "value": "ad693ddef2a1f857262b5351b04a6e8e4e256207e83f4a37a830e587be94a34f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311000", "to_ids": true, "type": "ssdeep", "uuid": "1de6800f-5365-4a71-84a0-7554e41554cd", "value": "3072:afAwoPt0PRG7nQbwAwZDuf+0PpLqXOAlw:aol0pAMwAwZS/ihe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311000", "to_ids": false, "type": "size-in-bytes", "uuid": "d84b9ce8-8256-4949-a406-e035da662d9a", "value": "102912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311000", "to_ids": true, "type": "vhash", "uuid": "68b722e9-b07b-4c74-9e89-1de917efb235", "value": "115066655d155d055az49?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311000", "to_ids": true, "type": "filename", "uuid": "2ee6f66c-a17e-4ed1-b4ce-10d0045fbaa3", "value": "ad693ddef2a1f857262b5351b04a6e8e4e256207e83f4a37a830e587be94a34f.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311000", "to_ids": false, "type": "text", "uuid": "178964d4-4a51-4a92-aa43-7657e9d2ca98", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T22:48:35.000000+00:00\nLast Submission:2026-04-20T22:48:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545061", "uuid": "3bd532e0-fa8c-4187-9bd3-ba27699ef0bf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545061", "to_ids": true, "type": "md5", "uuid": "9853d92a-2a12-4bd4-ab07-9e95038b66e9", "value": "8a275b099c2eb69ba14fdfbd3e1e121c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545061", "to_ids": true, "type": "sha1", "uuid": "217c45c4-87d4-4386-b3e2-513610e0a0e0", "value": "df7dc8dd733ae8893356b79fbf1dc8a7687a5773", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545061", "to_ids": true, "type": "sha256", "uuid": "14fc9a21-0030-4403-9132-f47225759c7f", "value": "b05c843862aee8e2900848f6d8640dba64c170b4ff031ebb6aebab9b018b81cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311022", "to_ids": true, "type": "ssdeep", "uuid": "1d8d2f54-69a1-4d6e-959e-dd99c0444f3c", "value": "1536:9HAN2Zq7YQJgEKfUn3o/xuTHuSwQb4Arpu7yfskzw8EECHsWeqdR9dlbdkDQA:9bIYQX9Y/xGO3Qb4AE7yfEzMwpByDQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311022", "to_ids": false, "type": "size-in-bytes", "uuid": "9ce5dbbd-f6a9-4446-8fd9-de94e4a868b8", "value": "102912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311022", "to_ids": true, "type": "vhash", "uuid": "907332e9-028f-4d92-a0b0-30c8b72c024d", "value": "115066655d155d055az4b?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311022", "to_ids": true, "type": "filename", "uuid": "d165c7f8-8f2d-4975-971c-ebe258ca1f77", "value": "b05c843862aee8e2900848f6d8640dba64c170b4ff031ebb6aebab9b018b81cd.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311022", "to_ids": false, "type": "text", "uuid": "f8a8d4fd-106c-42c3-990a-7cfa12f57e35", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:33:43.000000+00:00\nLast Submission:2026-04-20T23:33:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545064", "uuid": "c6b6a58a-b209-4a6d-8d5d-c3361c985899", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545063", "to_ids": true, "type": "md5", "uuid": "ce098f15-2a5f-4463-b085-08c02e07ae3c", "value": "d11d0136ccb2de3ccd41bbf581d6d88c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545064", "to_ids": true, "type": "sha1", "uuid": "abb24386-b5af-4483-8f36-228cd08c3516", "value": "48da1639f7ad9572d246f6a3429fddd42e787bd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545064", "to_ids": true, "type": "sha256", "uuid": "0f660b5e-d871-40e4-b22f-5a825c0ada87", "value": "b34c18077edc28a2d6e8ec94b9e41c7fdd50885721e4aec99c16f41ab6af7ecc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311044", "to_ids": true, "type": "ssdeep", "uuid": "58d2e1eb-574c-499a-926e-2f3df90b9a06", "value": "1536:xo88mGc3Hc1CYSMC5fFFDgIFnwxKg4SpemckVPxIiTc:qmGc3c1CY/MfnZNwXptckVPxIiTc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311044", "to_ids": false, "type": "size-in-bytes", "uuid": "ec4d346b-45ba-4d4f-8d55-292d7b911176", "value": "59392" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311044", "to_ids": true, "type": "vhash", "uuid": "e285f1c5-70b7-4717-be4b-164ba488d79e", "value": "1540c76d1575151c051d1az1511lz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311044", "to_ids": true, "type": "filename", "uuid": "4ec00eeb-d674-4c46-acfb-a92f4613b630", "value": "CCleaner.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311044", "to_ids": false, "type": "text", "uuid": "c44e3d4a-20f8-45aa-bb29-3ae372d25c13", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:29/71\nFirst Submission:2026-04-21T00:31:53.000000+00:00\nLast Submission:2026-04-22T07:06:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545067", "uuid": "72484982-8b1c-4961-87bd-5f4e2b59af31", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545066", "to_ids": true, "type": "md5", "uuid": "63970658-54fb-48be-b610-8142b1993e53", "value": "2695631ab68223cc0e242d25bfc503dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545066", "to_ids": true, "type": "sha1", "uuid": "50aed7b6-516a-42ad-85f6-113645564d04", "value": "984da5766362e72947f0a31a856dad522cfe5374", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545067", "to_ids": true, "type": "sha256", "uuid": "2b56ed0f-1781-4f8a-9d28-d38675dea980", "value": "b3954d905cd0d513f84598b6a63547bec7ee02977865dd236b8efd9846ba1585", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311067", "to_ids": true, "type": "ssdeep", "uuid": "1e638ba4-aae9-45f7-8a90-ea8888754679", "value": "98304:3QzAf5Rdr7Ixro4obTzQTrzBpT1BBc/Tbcv//S:gza5zIxb7rTbcTba/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311067", "to_ids": false, "type": "size-in-bytes", "uuid": "56cc7043-5ba0-4a34-b8f6-4e19a2520565", "value": "7657472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311067", "to_ids": true, "type": "vhash", "uuid": "85f389cb-08dd-4bef-a826-7945dd546a63", "value": "0760b6666d5c0d5d151c0142502007500970f4z15115z42zc703cz2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311067", "to_ids": true, "type": "filename", "uuid": "5a2ba457-5bc9-480e-99a8-a1e89b0b7787", "value": "b3954d905cd0d513f84598b6a63547bec7ee02977865dd236b8efd9846ba1585.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311067", "to_ids": false, "type": "text", "uuid": "d215fbe7-e48a-4c95-a694-a9001f2bde27", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:38/71\nFirst Submission:2026-04-22T01:08:10.000000+00:00\nLast Submission:2026-04-22T01:08:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545069", "uuid": "1a7c6233-5706-4fdd-9fa4-fdc4d94ae84d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545068", "to_ids": true, "type": "md5", "uuid": "b4d3a354-477c-44e1-9a88-c6fb0f99e931", "value": "d21ad786e826fcc7f40f97f6e1e6c4d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545069", "to_ids": true, "type": "sha1", "uuid": "7a1c99d9-98e1-4090-95b8-4b409ccf23a3", "value": "263adcbe296664d9c7aba957c7e073a9d1bd3de3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545069", "to_ids": true, "type": "sha256", "uuid": "da12ad6b-e7fa-4671-93ca-d6760f769ed4", "value": "b42aafbe446530a8d68e8b8697113280ff54fea5aeb3c3ea660af24c455b2b7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311088", "to_ids": true, "type": "ssdeep", "uuid": "2305a86b-a4bb-4b9c-98cd-9bb9d6110c8b", "value": "3072:3rLeTrVwYwnGysQbEATnTz7KJMblIdj9dLRAL6:3+ThwYsyMEATnHem6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311088", "to_ids": false, "type": "size-in-bytes", "uuid": "9e2f1a7f-f006-4701-b396-a554fefc4d3d", "value": "103424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311088", "to_ids": true, "type": "vhash", "uuid": "4d9a1181-4fa1-4c04-8022-9254b488ef98", "value": "115066655d155d055az4a?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311088", "to_ids": true, "type": "filename", "uuid": "e61e8518-80f4-4805-8844-94bfdf07b98b", "value": "mlbh1x1ck.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311088", "to_ids": false, "type": "text", "uuid": "06d5b744-2be9-4cac-ab97-7d5630af762c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:24/71\nFirst Submission:2026-04-21T00:24:24.000000+00:00\nLast Submission:2026-04-21T00:24:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545072", "uuid": "f88ae9c2-4ff7-41c1-ba64-3bfe67e9cae6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545071", "to_ids": true, "type": "md5", "uuid": "2698749d-eb43-48ea-8989-5d610eb2408c", "value": "950242bfb6e3c79d4c176d85905299d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545071", "to_ids": true, "type": "sha1", "uuid": "83e0107b-138a-415d-b70b-b5de47e21e53", "value": "1a99f681045985c126c0d8f4b5d1b51a84d20d50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545072", "to_ids": true, "type": "sha256", "uuid": "0f01440a-198d-4987-a391-577fc7216240", "value": "b4bc880eec604ca025b277ca5fe8b7e47c614337af4039789ac919e81e684dbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311110", "to_ids": true, "type": "ssdeep", "uuid": "5397505f-e58b-495e-af27-cdb3ebb82caa", "value": "3072:W+TeXQwDasaAmiTQhAS/xYN0l51756565rnIryHo/CRMK:HeXbuFaTcAS/0XkJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311110", "to_ids": false, "type": "size-in-bytes", "uuid": "75e8139e-6678-45f7-910c-cb4d7c0f7961", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311110", "to_ids": true, "type": "vhash", "uuid": "e5bdab59-d1cf-4a08-b03a-501bb1d4b2df", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311110", "to_ids": true, "type": "filename", "uuid": "2f93085e-eb51-41f7-97b7-94bae0b57fe5", "value": "b4bc880eec604ca025b277ca5fe8b7e47c614337af4039789ac919e81e684dbf.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311110", "to_ids": false, "type": "text", "uuid": "516ae5c3-64e5-4971-8089-f0bb7166d8c0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:13/72\nFirst Submission:2026-04-20T22:47:08.000000+00:00\nLast Submission:2026-04-20T22:47:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545074", "uuid": "80226b40-c5f1-4902-9846-e873f4608cf7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545074", "to_ids": true, "type": "md5", "uuid": "d37390d3-51e0-4979-9bda-f9bbaa392723", "value": "13963caf212ab72c1d76a91556070fcd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545074", "to_ids": true, "type": "sha1", "uuid": "825abe64-dd6f-4eea-9305-4875219cc366", "value": "3fe4ddae465771740ed5a6b1884085e1a9ce96e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545074", "to_ids": true, "type": "sha256", "uuid": "a3c925f9-ebfb-45ab-b9a4-fcd59cd451cb", "value": "b505d66eac2888d74664daf057f0ed56dd1f7ff79139345493582a7bf9d1780c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311132", "to_ids": true, "type": "ssdeep", "uuid": "eaab2e82-c4b2-4cba-8be9-027de6ee63d2", "value": "3072:IaTF5AGZWAOZQaAZDGFFNrB7ijPGyuIWC+vm//O/2iePL3zfbHsYrXTGWwd51pyz:pFSG4xXAZDmCo2B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311132", "to_ids": false, "type": "size-in-bytes", "uuid": "57663583-2a85-422e-8219-0676a6f20725", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311132", "to_ids": true, "type": "vhash", "uuid": "8de5a6d9-788f-477d-ba65-0aafc54fe1e9", "value": "115066655d155d055048z52hz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311132", "to_ids": true, "type": "filename", "uuid": "b8935f6e-bc67-4fb5-a7f4-c754f9040057", "value": "b505d66eac2888d74664daf057f0ed56dd1f7ff79139345493582a7bf9d1780c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311132", "to_ids": false, "type": "text", "uuid": "d3824729-f540-4d39-9d2b-3cd2cc437781", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/NetLoader.MK!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:32:38.000000+00:00\nLast Submission:2026-04-20T23:32:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545077", "uuid": "2f81d458-a72f-478e-ab4f-b7cb986a6dcd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545076", "to_ids": true, "type": "md5", "uuid": "f08fc456-3f07-46e1-ace8-8acf89117983", "value": "900ffd37c20e0c735f9381b3e4fed69e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545076", "to_ids": true, "type": "sha1", "uuid": "935cd916-dc48-45ca-a91c-fe2be7b549f6", "value": "ddf5eb2ec1cb27e2b5e901791ad0202005f1a9f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545077", "to_ids": true, "type": "sha256", "uuid": "4a8f3e5c-c3e4-4161-86ad-60c1bf9c1d0c", "value": "b6466f4f88ddce385be689db81b9c4c2521d1a1bd119c3c0cb62e65106fac73c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311154", "to_ids": true, "type": "ssdeep", "uuid": "440c1b23-ee81-4d24-a618-440691f3e65d", "value": "3072:m9VVl7xAaoF0S+ktKnkhsT2v3KVuCHytOiZPFnU2jvK9A+M:u7Cao2S+8Knk62vKVuCHyEiZC2jvKG+M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311154", "to_ids": false, "type": "size-in-bytes", "uuid": "b3517aed-02b3-49db-b5be-8b488f862a6e", "value": "241106" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311154", "to_ids": true, "type": "vhash", "uuid": "9d490a92-6fb2-4a46-92e8-59a3bfb181f2", "value": "1251375d1515151c051d1az170e5z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311154", "to_ids": true, "type": "filename", "uuid": "c20bcedf-bbf4-440e-ab27-0ba3d1b646ce", "value": "b6466f4f88ddce385be689db81b9c4c2521d1a1bd119c3c0cb62e65106fac73c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311154", "to_ids": false, "type": "text", "uuid": "cd0e058b-2075-4541-a3d3-6185cfa95376", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:39:03.000000+00:00\nLast Submission:2026-04-20T23:39:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545079", "uuid": "9091f080-f501-444f-80ab-aa447723b43d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545079", "to_ids": true, "type": "md5", "uuid": "7a42bd91-28ce-4c3a-bd81-0cd1a507d375", "value": "7a635c1b1ab679bde304dc4a72529fb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545079", "to_ids": true, "type": "sha1", "uuid": "3e18365f-de46-4356-a556-ca2ba61b6ee1", "value": "16621ff9970c5b5722b2c05f43304f7a657dc817", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545079", "to_ids": true, "type": "sha256", "uuid": "7e15032b-6abe-4e2b-b79d-c3219ed75c40", "value": "b6d48e5e8bf76fdf911dad5c6daf457f645e7082b9bbb0f9952d03d7eee5e56a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311176", "to_ids": true, "type": "ssdeep", "uuid": "ac4d9b1d-ff70-48c9-a65b-1daa99825de7", "value": "3072:xvTeXQwDasaAmiTQhAS/xYN0t51756565rnIryH//C6QK:FeXbuFaTcAS/0rE9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311176", "to_ids": false, "type": "size-in-bytes", "uuid": "fbb31843-a302-4ed1-bbe9-aece17e7c1ef", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311176", "to_ids": true, "type": "vhash", "uuid": "487710e3-05ef-40ad-9664-b7445229021c", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311176", "to_ids": true, "type": "filename", "uuid": "b130253f-6d4d-43a1-ad23-fa38a267e097", "value": "b6d48e5e8bf76fdf911dad5c6daf457f645e7082b9bbb0f9952d03d7eee5e56a.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311176", "to_ids": false, "type": "text", "uuid": "005a12fa-7a7c-4e9d-ac9d-c4e9ad4d2100", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:08:07.000000+00:00\nLast Submission:2026-04-20T23:08:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545082", "uuid": "fe666416-85e2-4997-a41a-e3a2eb5d5c59", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545081", "to_ids": true, "type": "md5", "uuid": "042cef33-aa75-417f-83ef-47c3812138ad", "value": "8dda0dc4124e43939cd46854c39eddde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545082", "to_ids": true, "type": "sha1", "uuid": "22f6d106-108c-4f79-a4df-608d31d5ae88", "value": "b4051d43281db01776bf753c09aa531da5b4eb7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545082", "to_ids": true, "type": "sha256", "uuid": "d7f4c771-eb08-44eb-b74e-d1884df2c188", "value": "b8abff5f55bb3c6b6b9acae1fe545b3163462639f601ea8325475eededc16986", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311198", "to_ids": true, "type": "ssdeep", "uuid": "7765126f-f398-46b1-99c0-f73a3f87f1f5", "value": "6144:7nx7Ca8MS+jKnkN2HKVubHyQiZz2jaonQ:1C5bFkIqNPUy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311198", "to_ids": false, "type": "size-in-bytes", "uuid": "2f9e2359-76a7-444d-b60c-2286ff52bf56", "value": "234478" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311198", "to_ids": true, "type": "vhash", "uuid": "0be2c590-df63-46bc-86ea-979e5dad54c1", "value": "1251376d1515151c051d1az150dlz31z4az1" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311198", "to_ids": false, "type": "text", "uuid": "ee6c5082-1d25-41eb-a787-fb5af28ed51c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:20/71\nFirst Submission:2026-04-24T17:10:07.000000+00:00\nLast Submission:2026-04-24T17:10:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545085", "uuid": "63c6da32-a297-411a-a4d0-aeed582c580d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545084", "to_ids": true, "type": "md5", "uuid": "d37ce683-e638-4868-9d12-9cd50fd859bd", "value": "c7e095376f370481028bedd8888d475c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545084", "to_ids": true, "type": "sha1", "uuid": "7a88fb40-e483-4442-abcc-f06e2fcb2192", "value": "89bb447ab803aae42e7531423fc5c06a544448df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545085", "to_ids": true, "type": "sha256", "uuid": "44f3750e-023f-4511-a7a3-9fedf2ebc437", "value": "b9fe5632860836ca8738860db1df08a5373cc8d66cacc1562d3ff2b85b4f4e3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311241", "to_ids": true, "type": "ssdeep", "uuid": "8d310de3-7f5a-48b6-9a39-1e6827938c44", "value": "3072:RBTeXQwDasaAmiTQhAS/xYN0C51756565rnIryHw/CmwK:beXbuFaTcAS/0uLd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311241", "to_ids": false, "type": "size-in-bytes", "uuid": "f640ebc0-fa2d-460e-9ce2-a1cbd097c804", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311241", "to_ids": true, "type": "vhash", "uuid": "25998960-fec2-42fa-902a-b81f4dc5c323", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311241", "to_ids": true, "type": "filename", "uuid": "f42b1618-a6a7-4e4d-a39d-87e2664bc5cb", "value": "b9fe5632860836ca8738860db1df08a5373cc8d66cacc1562d3ff2b85b4f4e3f.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311241", "to_ids": false, "type": "text", "uuid": "51156760-aec3-48ed-9b24-006f6cd8715a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-20T23:17:36.000000+00:00\nLast Submission:2026-04-20T23:17:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545087", "uuid": "d6634eca-1dff-49f6-a150-94de4249cc54", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545086", "to_ids": true, "type": "md5", "uuid": "14c7ff4c-1fa8-453a-9714-2f615b459678", "value": "13660085b4c3d8bd660c769ca1d824d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545087", "to_ids": true, "type": "sha1", "uuid": "40b75088-bd62-4d77-a6b9-e81e497361b6", "value": "1cad76742c43cbcadbb89428d89998806d4ef04f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545087", "to_ids": true, "type": "sha256", "uuid": "9263ddc0-d29a-45af-ba92-8aeca1ecfc55", "value": "c1accfb182ec267d0ff8c4d473494c16160390a79f1d8240db5b57b0a6f58acb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311285", "to_ids": true, "type": "ssdeep", "uuid": "378339f6-d109-4627-b334-b3e8635b76f6", "value": "3072:cLTdd+k2M31COjvyGOYQb6AwrubNATME5JAC/T/2njLhbCDvmSOo2iePG3ufWC+G:uak2E1JKWM6AwrQoi5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311285", "to_ids": false, "type": "size-in-bytes", "uuid": "9e5604c1-921d-41c3-9d44-664f2ad18c73", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311285", "to_ids": true, "type": "vhash", "uuid": "a37e90f1-da1c-4eb9-a034-ecffb41aed47", "value": "115066655d155d055az517z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311285", "to_ids": true, "type": "filename", "uuid": "abb7e04d-b9a3-4201-9ccc-ff1f2b240f50", "value": "c1accfb182ec267d0ff8c4d473494c16160390a79f1d8240db5b57b0a6f58acb.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311285", "to_ids": false, "type": "text", "uuid": "fc7a06fe-5eb0-4f32-b528-a85e22e0cbaf", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:06:09.000000+00:00\nLast Submission:2026-04-20T23:06:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545090", "uuid": "525e082f-34a1-49fd-ab6f-6fb297a2b0d2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545089", "to_ids": true, "type": "md5", "uuid": "d5abe539-e26e-48a0-bd7c-58b1222d6edb", "value": "dfffc2f7baf42797d3543719705ffcc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545089", "to_ids": true, "type": "sha1", "uuid": "2b83bcbd-7871-463e-909c-9c51f24068fa", "value": "99dac559ff327e630591be7c90a11138e1cf3721", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545090", "to_ids": true, "type": "sha256", "uuid": "934d3ede-0fd6-437c-ad41-71402f56d1bd", "value": "c3c186ad8f38885608d9f5ae51e98eff34024090bb23f29111c58dab369a4360", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311328", "to_ids": true, "type": "ssdeep", "uuid": "2a2eadb9-942c-47eb-a088-bc0ea0d6ab1d", "value": "3072:PBsVl7xAa4F0S+UtKnkpsT2c3KVuRHyBOiZPnZU2joyO74M:W7Ca42S+MKnkC2eKVuRHyQiZG2joyHM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311328", "to_ids": false, "type": "size-in-bytes", "uuid": "97d0a0b1-31ce-4709-98e7-c7c96e7c7b72", "value": "241071" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311328", "to_ids": true, "type": "vhash", "uuid": "1fd20ac3-bef6-4298-bd6e-1da08f4421a0", "value": "1251375d1515151c051d1az170e5z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311328", "to_ids": true, "type": "filename", "uuid": "345aae81-9887-49ea-b735-96b43c8a26f2", "value": "k5nrv.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311328", "to_ids": false, "type": "text", "uuid": "d9545361-73a7-497f-a2de-336b9a14f7a2", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGX!MTB\nVT Total Detection:28/72\nFirst Submission:2026-04-23T10:11:11.000000+00:00\nLast Submission:2026-04-23T10:11:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545092", "uuid": "6db8ef25-1a5d-4167-8de0-92d21339df42", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545092", "to_ids": true, "type": "md5", "uuid": "d925473a-3144-4e4c-b251-6911bce0cf02", "value": "b7068c3cfb34c849341ce81022444f19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545092", "to_ids": true, "type": "sha1", "uuid": "549e7ca0-72f0-4d1d-b40a-b8767707dce2", "value": "7ce1a5e4d0146086b5b153fcbf2800f2125d3203", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545092", "to_ids": true, "type": "sha256", "uuid": "dac7402a-aa87-4e4c-b6b5-daad2daeeb8c", "value": "c3d736d7c775fab7ea67bce29868ffc4d1f8f1b93e270625b7c6615f6d234a02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311349", "to_ids": true, "type": "ssdeep", "uuid": "e84ae47f-b225-4252-807e-514e44521d2a", "value": "3072:VvbLzvFq70zdDlGqpQb0wzczUaAtpFrpqpqpvykTi3Ve0:pv470xprM0wzcgd70" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311349", "to_ids": false, "type": "size-in-bytes", "uuid": "ef31072f-f914-4958-9b1a-4304b23c8cfd", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311349", "to_ids": true, "type": "vhash", "uuid": "90a71938-6921-4d48-9cfb-088f92557a53", "value": "115066655d155d055az4fnz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311349", "to_ids": true, "type": "filename", "uuid": "1bb663c9-e14d-40bd-b55e-37505254a85d", "value": "c3d736d7c775fab7ea67bce29868ffc4d1f8f1b93e270625b7c6615f6d234a02.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311349", "to_ids": false, "type": "text", "uuid": "b5e6ae58-1df4-4608-b035-4e363ea8a245", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:42/71\nFirst Submission:2026-04-20T23:06:15.000000+00:00\nLast Submission:2026-04-21T02:14:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545095", "uuid": "62e02fbd-15bd-4bf0-b03f-01afcd54ad59", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545094", "to_ids": true, "type": "md5", "uuid": "1842e7b0-3cc1-49d9-9c21-cf544dae8754", "value": "2dbc3f9d404302dc5f4201a52ff0ef00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545094", "to_ids": true, "type": "sha1", "uuid": "b88ce79f-9d19-4769-a800-bb4d7ce7af36", "value": "c715c9bfb6389f82d07af837a4f85249fa60a945", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545095", "to_ids": true, "type": "sha256", "uuid": "d7885167-2559-4579-b443-9942cf484a7f", "value": "c3edab607d8eaca4433eae265de68f9d4b16fc7665d1856bf72f471d049483e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311371", "to_ids": true, "type": "ssdeep", "uuid": "fc6a69c1-c695-4541-b3a8-12ca68326e7c", "value": "3072:FM7nphumaOQbIOA3Z9yerAOjzJoyfm2GgzskZpgyzfWHRzd9aiD8LcckVPxIiTsE:uphRMIOA3ZQe4WK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311371", "to_ids": false, "type": "size-in-bytes", "uuid": "1a0d380e-14b4-4eed-b841-827d715422a0", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311371", "to_ids": true, "type": "vhash", "uuid": "29dce96a-083b-48f2-8202-a175ef322db8", "value": "115066655d155d055az557z2095z13z41z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311371", "to_ids": true, "type": "filename", "uuid": "127d3ab5-f636-435f-94a5-6f73ad2d7cd8", "value": "c3edab607d8eaca4433eae265de68f9d4b16fc7665d1856bf72f471d049483e5.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311371", "to_ids": false, "type": "text", "uuid": "1131b937-14c4-4cb9-a965-ef29c2af074a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:24/71\nFirst Submission:2026-04-20T22:52:22.000000+00:00\nLast Submission:2026-04-20T22:52:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545097", "uuid": "154db373-8d08-41b2-a06b-39ff83ebb673", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545097", "to_ids": true, "type": "md5", "uuid": "20e68c4d-a266-4b17-9d28-8b124aa5f004", "value": "0942693aef91fbd9757ecb55c8a53636", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545097", "to_ids": true, "type": "sha1", "uuid": "5b01ff28-f18a-408d-bbb1-7f147c97b330", "value": "88cb0a7531fd94ce2250ae2a9136a87b991131f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545097", "to_ids": true, "type": "sha256", "uuid": "17f9ad97-45c9-4b34-a702-4006e154beb1", "value": "c8e333d219ef97b7cf0b03dc8e9dd9c71083abb351f659a4f6e4f09fcabe9145", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311393", "to_ids": true, "type": "ssdeep", "uuid": "a4a20650-8b97-45f9-bae0-ce6b62af573b", "value": "3072:B3WHVWRRWAo2QVAChQNwvrXT/7nM4L3zm2Q9ZVbZacTihsrH2jcv:tW1UIE4ACh4diI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311393", "to_ids": false, "type": "size-in-bytes", "uuid": "823ffe59-b7e8-4ece-a87f-68f9c64eca0f", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311393", "to_ids": true, "type": "vhash", "uuid": "efd22c6c-a3b6-40d2-896e-f0ac1fd6c34a", "value": "115066655d155d055048z4enz31z4az3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311393", "to_ids": true, "type": "filename", "uuid": "ae5118d6-673a-4865-b576-4de83f12acae", "value": "c8e333d219ef97b7cf0b03dc8e9dd9c71083abb351f659a4f6e4f09fcabe9145.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311393", "to_ids": false, "type": "text", "uuid": "51cd8335-a134-4048-93eb-dc4b8f9219b3", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545100", "uuid": "1b6811c1-7e87-48b9-9586-cd07d09eedb4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545099", "to_ids": true, "type": "md5", "uuid": "ff86cf5a-cb36-4ab9-affa-c0784acba362", "value": "d2357c11c2a50c3bc98ca2f3f4c6ef65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545100", "to_ids": true, "type": "sha1", "uuid": "9bf37117-d495-461b-8464-196f89c02329", "value": "515b3bc7a88db1619c06366e21b7a7b2c2bf7070", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545100", "to_ids": true, "type": "sha256", "uuid": "fccde769-e8df-4731-b675-01af517254f2", "value": "c94e1178c6bb0a504e0c0502ad1eae647cc9e33064784220413050bd95adbfed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311414", "to_ids": true, "type": "ssdeep", "uuid": "9aa6a5d2-2ea9-4f08-89ce-c950b6bd8955", "value": "3072:iKvXPgNZIPFA1cQ6pZ2ahqSvmSOo2iePG3ufWC+vr//T/7nM4L3zm2Q9ZVbq+b2J:LXPe2NPbpZ2OqcYOq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311414", "to_ids": false, "type": "size-in-bytes", "uuid": "bdf0f128-7bd2-4e43-acc4-ed1cda99cf57", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311414", "to_ids": true, "type": "vhash", "uuid": "6ea96214-f8ef-4536-b856-a41276200ca8", "value": "115066655d155d055az52hz13z41z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311414", "to_ids": true, "type": "filename", "uuid": "f835c7a8-6db7-4644-97d3-b9b3a96c6b15", "value": "c94e1178c6bb0a504e0c0502ad1eae647cc9e33064784220413050bd95adbfed.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311414", "to_ids": false, "type": "text", "uuid": "f7ac856b-e365-466b-bd80-b3bb58174575", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:11/72\nFirst Submission:2026-04-20T23:36:20.000000+00:00\nLast Submission:2026-04-20T23:36:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545103", "uuid": "3719da82-7aa5-4b7d-81ec-2fae0e2e601e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545102", "to_ids": true, "type": "md5", "uuid": "0e92f1c6-0675-429e-814a-225118ff9ce1", "value": "4d5b5384d09b735299143d49b8397b80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545103", "to_ids": true, "type": "sha1", "uuid": "87c7860c-6021-4ed6-bbdc-80e8d18f66a6", "value": "7f2195d41a56bd7688da1adc68dceaccad25c3e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545103", "to_ids": true, "type": "sha256", "uuid": "64055cb1-f409-4beb-82cf-69716d227ef6", "value": "cbbb25a03a664e156ca5237b3f5b0d431ecf98ee978cc85a336369eeabd7c1e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311436", "to_ids": true, "type": "ssdeep", "uuid": "10959586-1b19-4585-8298-764d89da5f3b", "value": "3072:84TeXQwDasaAmiTQhAS/xYN0s51756565rnIryHe/CCQK:TeXbuFaTcAS/0oV9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311436", "to_ids": false, "type": "size-in-bytes", "uuid": "be9a3785-9b0d-4eae-a3a6-92212bec461e", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311436", "to_ids": true, "type": "vhash", "uuid": "701a424a-5bef-4271-baeb-7826399d2ee8", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311436", "to_ids": true, "type": "filename", "uuid": "82f0a2c1-e34f-4118-85c6-72dc459908dd", "value": "cbbb25a03a664e156ca5237b3f5b0d431ecf98ee978cc85a336369eeabd7c1e7.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311436", "to_ids": false, "type": "text", "uuid": "615a0d5f-bb0d-4ddd-8d71-9c5c122781fa", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-21T00:19:45.000000+00:00\nLast Submission:2026-04-21T00:19:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545105", "uuid": "b867c7f4-c630-4df4-a7fe-83ae6cb0a7e9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545104", "to_ids": true, "type": "md5", "uuid": "f1c0f9fb-121c-4af7-8762-f2742b9893d1", "value": "cc1b1979c20f8e6946a6abcf1f9977e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545105", "to_ids": true, "type": "sha1", "uuid": "15e05125-3013-43af-90c2-e3a099021e24", "value": "f33aed9ea287a2213307b42e54ee9c8364f523dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545105", "to_ids": true, "type": "sha256", "uuid": "86425f8c-0abd-428b-a636-2ea39198117e", "value": "cc26c623a2b6e72ece95981eac73c89e6ec8d804290152ce34561ad14f6a8615", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311458", "to_ids": true, "type": "ssdeep", "uuid": "73014a4f-f4c7-4431-96a6-70d2506f57b4", "value": "384:kTm19Q3T3JlIqpHGYuwvA6Bh6mckVPxIiThpMMMqWLXNln:ki19Qj3H5zuEYmckVPxIiT/MMMBbn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311458", "to_ids": false, "type": "size-in-bytes", "uuid": "fd274bf1-fb32-4922-ad3d-a76904985c7f", "value": "20992" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311458", "to_ids": true, "type": "vhash", "uuid": "453018f2-be9a-44fd-b6ef-fcf927716d6e", "value": "1240c75d1515151c051d1048z161mz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311458", "to_ids": true, "type": "filename", "uuid": "91f80d44-7ddb-4a96-84e7-e1ea181a9a69", "value": "VERSION.dll" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311458", "to_ids": false, "type": "text", "uuid": "7172e90d-bfbb-4078-a772-f7b859387b13", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:33/72\nFirst Submission:2026-04-20T23:28:57.000000+00:00\nLast Submission:2026-04-21T06:05:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545107", "uuid": "0c34958b-08a0-4573-a828-06c1cf284b22", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545107", "to_ids": true, "type": "md5", "uuid": "44534e4a-8bc6-4801-9dc9-ef2c3fdb89d2", "value": "0a52eb6398f6fa955f326e44c8fd4641", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545107", "to_ids": true, "type": "sha1", "uuid": "ff80ff94-acc5-4740-a8d5-77a556b113ca", "value": "0b6eb6074959ea827a93ee45b64825c8fa069c02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545107", "to_ids": true, "type": "sha256", "uuid": "5427d2be-12b4-4f23-9a41-17127e6cd6ed", "value": "cd28ded9d669d5cfbd09c212f1a73f68d7872984de72172f9f26e9923286826c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311480", "to_ids": true, "type": "ssdeep", "uuid": "bd2830cd-42b6-40e9-b55d-ca01925135c8", "value": "3072:Jdw50aYcaKf0duwCqeYKhXpBEVJsxlDb36T:I5FY60M3YaESrU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311480", "to_ids": false, "type": "size-in-bytes", "uuid": "8e534f76-4ee0-4f63-b6d6-ce9ec2ff3159", "value": "113152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311480", "to_ids": true, "type": "vhash", "uuid": "cf66eed6-c410-4146-9f3c-7b45474e8fef", "value": "115066655d151d055088z58hz13z5ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311480", "to_ids": true, "type": "filename", "uuid": "d8fcd197-ad85-4731-934c-1fa58d0f155f", "value": "cd28ded9d669d5cfbd09c212f1a73f68d7872984de72172f9f26e9923286826c.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311480", "to_ids": false, "type": "text", "uuid": "8088bba4-bd8e-4226-bf8a-3733ffa65944", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-20T23:01:44.000000+00:00\nLast Submission:2026-04-20T23:01:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545110", "uuid": "776c8fb1-8181-403f-a26b-4fc4622264cf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545109", "to_ids": true, "type": "md5", "uuid": "a48160c6-490a-451d-bafc-0c1f65492264", "value": "7b5589716e7c328930066664de90e77c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545110", "to_ids": true, "type": "sha1", "uuid": "d34f4739-3640-44a2-bc03-6207c72589a5", "value": "6cf1822dda1493b77b60c1aca54fe6ddf8e6dc84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545110", "to_ids": true, "type": "sha256", "uuid": "9eedd3fa-5a12-4860-a484-a4f9c5f7e81c", "value": "cdf2ed9e0b1e64c2ebb1b0d9d8adaeee4c97daeccf9b29b79f3273744d3e43d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311501", "to_ids": true, "type": "ssdeep", "uuid": "6354ab1a-0ac4-43d3-b018-e4eb89a4d574", "value": "3072:PLLD8KfFW2ceGiHQbQwW7JkqAtpFrpqpqpv2kTindCpp:PYKtW2ltMQwW7aZ+s" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311501", "to_ids": false, "type": "size-in-bytes", "uuid": "2bcdebec-c0ae-4be7-a912-93f0c5ac352d", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311501", "to_ids": true, "type": "vhash", "uuid": "899c4ca9-a3dd-4a52-85ea-a41874fd5203", "value": "115066655d155d055az4fnz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311501", "to_ids": true, "type": "filename", "uuid": "a23f98aa-39c3-4973-8ebe-5c95dc0d384e", "value": "cdf2ed9e0b1e64c2ebb1b0d9d8adaeee4c97daeccf9b29b79f3273744d3e43d8.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311501", "to_ids": false, "type": "text", "uuid": "0ccb4367-3f2d-4d51-b078-6d2676dbb9e7", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:18:01.000000+00:00\nLast Submission:2026-04-20T23:18:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545113", "uuid": "ed4a68d8-471c-4042-be98-5cad9e27543f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545112", "to_ids": true, "type": "md5", "uuid": "1e872030-3393-4000-a460-b7dd88bafa0e", "value": "b11f9e5c0c43220563b9b29b98fa0902", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545112", "to_ids": true, "type": "sha1", "uuid": "eebb7771-4ef4-4dad-8eae-9b76aa2d13c0", "value": "30379f326fff40184d0bef8f13b9f5414447c5fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545113", "to_ids": true, "type": "sha256", "uuid": "ff8773b8-21f5-4e2a-9321-cd1efe479d0c", "value": "cf7eba5d700334230fde16da8191f765132649e6342018c69cffd267943effb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311523", "to_ids": true, "type": "ssdeep", "uuid": "b4890971-977c-4b38-a791-360f20fe9ca8", "value": "384:0Dm1913DcyseIqpHGYuwvA6LghFmckVPxIiThpMMMqWLXNRtr:0S191F5H5zuEomckVPxIiT/MMMB5r" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311523", "to_ids": false, "type": "size-in-bytes", "uuid": "9f0c6d5c-34f4-42b3-9421-dbbbe906e606", "value": "20992" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311523", "to_ids": true, "type": "vhash", "uuid": "d1e67a97-c488-45cd-a57b-0e77bcc9f60e", "value": "1240c75d1515151c051d1048z161mz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311523", "to_ids": true, "type": "filename", "uuid": "e7703638-520f-4895-b99d-12b093b39e16", "value": "CCleaner.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 25/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311523", "to_ids": false, "type": "text", "uuid": "5dfbe077-8671-4afc-9863-260094719da4", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:12/71\nFirst Submission:2026-04-21T00:43:36.000000+00:00\nLast Submission:2026-04-21T06:05:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545115", "uuid": "3a99dcff-4055-4ecd-bd17-55a205457a2b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545114", "to_ids": true, "type": "md5", "uuid": "14a37e3f-aacb-4328-a7fd-e0eef5f0a677", "value": "93b9edfb650f392722f2143e4fe0271b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545115", "to_ids": true, "type": "sha1", "uuid": "05aae9c6-99c3-4e01-9aa6-4a0d07dc4700", "value": "ffaa252b95911e8b168a47138b52a017e3eb3e4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545115", "to_ids": true, "type": "sha256", "uuid": "fde9e163-a80b-4854-9c7d-1e838680d240", "value": "d0b1bd3840030d2080ad62eef3a50f47a46fbeebbda51d5672be370690014ef8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311545", "to_ids": true, "type": "ssdeep", "uuid": "b552e277-79ad-4616-ac5c-017800d4c842", "value": "1572864:lNvGCNRixbPlrp4MpeU4cpVblbtHvJb7ZlBS3bQiOFx++/305WNejZlqE6N0okBi:lmbJBrh5cI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311545", "to_ids": false, "type": "size-in-bytes", "uuid": "ea17b1ba-a167-44e8-9005-67d8927efdab", "value": "186236520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311545", "to_ids": true, "type": "vhash", "uuid": "cf3f65f1-3cae-45a7-b9d3-eeb19a42168d", "value": "0180f6656d156550161d14z1c2zff3z52z143z77z3001f334zc59" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311545", "to_ids": true, "type": "filename", "uuid": "9be21894-07a3-4940-abb1-70b9a01a6ada", "value": "Framer" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311545", "to_ids": false, "type": "text", "uuid": "eff0a34c-4494-4ac9-9568-3e3002d3f82e", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/70\nFirst Submission:2024-11-12T10:57:23.000000+00:00\nLast Submission:2024-11-12T10:57:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545118", "uuid": "d779ef06-4f35-4a1f-8511-1932b7ca38a4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545117", "to_ids": true, "type": "md5", "uuid": "6b6010aa-25d6-4caf-8238-0fc41bcad58c", "value": "221cb999e8d538a5434ed812df1ffefb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545117", "to_ids": true, "type": "sha1", "uuid": "e7bc4fce-836d-492c-b043-eba2dcf59e2e", "value": "aa267c747a0e8ab238e310f37305d2c5618c6eb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545118", "to_ids": true, "type": "sha256", "uuid": "ba4f4c24-12f7-47ae-a133-aa8c0ccf8074", "value": "d0d9bf2064534bade4ccae6e7dc11fa398983bb10e08b55897f8ec406e4af1be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311567", "to_ids": true, "type": "ssdeep", "uuid": "fedf2ac9-e9d5-425b-a95f-d1e8fec38587", "value": "3072:gyMA45KbE+c6GsOEQbQwWKqe9i2Q9ZVbZaZaLEt3LPjkSqvu:g84gbE+5hMQwWKB7Fqvu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311567", "to_ids": false, "type": "size-in-bytes", "uuid": "c18599fe-f9fc-4df1-871f-7cf83c693b57", "value": "104960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311567", "to_ids": true, "type": "vhash", "uuid": "c5fa6ed3-d89b-42d3-a2d0-49c3592006c0", "value": "115066655d155d055az51nz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311567", "to_ids": true, "type": "filename", "uuid": "18be35da-8aa2-4659-9f65-3a962f150895", "value": "d0d9bf2064534bade4ccae6e7dc11fa398983bb10e08b55897f8ec406e4af1be.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311567", "to_ids": false, "type": "text", "uuid": "c3783ce3-eb50-42a5-bf93-f705685c8b45", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T22:46:04.000000+00:00\nLast Submission:2026-04-20T22:46:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545120", "uuid": "c86ffc2e-1f75-4844-a6dd-80dd318c9385", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545120", "to_ids": true, "type": "md5", "uuid": "5bc1528b-32cd-44b5-bf37-103396384fba", "value": "730d93ef0f3f595b13c2a860970196e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545120", "to_ids": true, "type": "sha1", "uuid": "2bcba57d-0935-486f-b804-d83fdd37778c", "value": "b19ebb27eb26aaecf3b3497fab5e70bb49172c65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545120", "to_ids": true, "type": "sha256", "uuid": "c7955639-fc4c-4723-97f3-6a0f3e3b3771", "value": "d141aeee85b1252cbf319d91fb200e559936a611642741f89924d27468974e61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311588", "to_ids": true, "type": "ssdeep", "uuid": "82ee0e60-b303-4bc4-9790-ed018482906b", "value": "3072:SyMA45KbE+c6GsOEQbQwWKqe9d2Q9ZVbZaZaLEt3LPQkAVvu:S84gbE+5hMQwWKBKcVvu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311588", "to_ids": false, "type": "size-in-bytes", "uuid": "8c9850be-d33d-4a9a-a24a-98b8f838e041", "value": "104960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311588", "to_ids": true, "type": "vhash", "uuid": "e14057c1-86b3-4293-87f1-4a521ccdf4ed", "value": "115066655d155d055az51nz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311588", "to_ids": true, "type": "filename", "uuid": "5e884a11-1e8e-465a-b24b-7a57b10ba97a", "value": "d141aeee85b1252cbf319d91fb200e559936a611642741f89924d27468974e61.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311588", "to_ids": false, "type": "text", "uuid": "5173c2fc-0ae2-4175-aba6-fbf1ce196c8c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-20T23:40:07.000000+00:00\nLast Submission:2026-04-20T23:40:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545123", "uuid": "75903b6e-6688-423b-aa9e-5c22023beb55", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545122", "to_ids": true, "type": "md5", "uuid": "b50a4790-a774-4f4e-abae-9e42ee2bbd23", "value": "dd5f598ceb6d220d14a495d0a333cf63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545123", "to_ids": true, "type": "sha1", "uuid": "21e61215-3f91-461b-a766-e5ec988c1274", "value": "7cdbdb4895165a814f9cf8909a9fb103c6b0c273", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545123", "to_ids": true, "type": "sha256", "uuid": "c3b24edd-8c93-443d-b036-d7750588ca97", "value": "d3776ff2d48df361b9035347da3f46c41133224afbbf0a19d29d916969e02c88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311610", "to_ids": true, "type": "ssdeep", "uuid": "2c409786-8301-4da0-a900-1fba2a46530e", "value": "3072:6Xj7jVbm1OmGxRQbhABb9h7Z4Cv2GWwD80p5wCDvmXT7RLyzfWC7PlChHZkWEhce:6XLVa1LMMhABbL7X2E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311610", "to_ids": false, "type": "size-in-bytes", "uuid": "6ecabf08-920f-430f-a043-e16812cca35c", "value": "106496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311610", "to_ids": true, "type": "vhash", "uuid": "841efad7-fa6b-4ade-ab43-ef2e85ad03c8", "value": "115066655d155d055048z517z209bz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311610", "to_ids": true, "type": "filename", "uuid": "78a03046-ed83-4393-ac85-9c250d749beb", "value": "d3776ff2d48df361b9035347da3f46c41133224afbbf0a19d29d916969e02c88.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311610", "to_ids": false, "type": "text", "uuid": "a9ab8b23-775e-4886-b900-bbd977d13b8b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-21T00:27:03.000000+00:00\nLast Submission:2026-04-21T00:27:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545126", "uuid": "55683bc8-8ad8-451c-b62e-a3ce0805c7dd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545125", "to_ids": true, "type": "md5", "uuid": "29d0ecd2-a1c8-41a8-a52d-4b44c0be30af", "value": "8400c4c5ae1ca586981b2c36a964ba4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545125", "to_ids": true, "type": "sha1", "uuid": "d383f962-26a3-4077-b01d-3990ec089339", "value": "2599890d91469fa6357636967c98e6371077ee39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545126", "to_ids": true, "type": "sha256", "uuid": "30a29c06-0ea9-429f-b901-d73a751f1b9e", "value": "dd5236252ae24f532d26c91e385cb313bb98f0418e24738d34ff246683cf9216", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311653", "to_ids": true, "type": "ssdeep", "uuid": "698d05e1-66c5-4ed6-8d52-534417d69aee", "value": "3072:jLe4hllEwXGysQbEAanzB5bKJMblIdj9dLRIXy:W4zlEcyMEAant5+Cy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311653", "to_ids": false, "type": "size-in-bytes", "uuid": "f42b1bf4-2a4b-41b0-ac2e-ebe8f5d6f457", "value": "103424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311653", "to_ids": true, "type": "vhash", "uuid": "ed5101dc-5334-485b-a1d9-431ebbbc7303", "value": "115066655d155d055az4a?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311653", "to_ids": true, "type": "filename", "uuid": "14e25ec1-954c-4eac-9552-70e6716035ce", "value": "dd5236252ae24f532d26c91e385cb313bb98f0418e24738d34ff246683cf9216.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311653", "to_ids": false, "type": "text", "uuid": "92c38ebd-787f-4964-904e-5693e16f9170", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-21T00:18:37.000000+00:00\nLast Submission:2026-04-21T00:18:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545128", "uuid": "1651b9af-f8eb-4a75-be83-39ed254e80c5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545127", "to_ids": true, "type": "md5", "uuid": "33dfbd7f-d4e0-4d76-ba42-14b1ca406ac8", "value": "bb721165534f26809f224942a96eac00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545128", "to_ids": true, "type": "sha1", "uuid": "6f401d7e-a4a1-4d31-94ea-c1f166299f6e", "value": "2f52834fc1f9d48d8c9b4985507fd1ddc245fd01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545128", "to_ids": true, "type": "sha256", "uuid": "c3878f34-e7e6-479a-a9d0-fc088b56600a", "value": "de7fa8bfa30a4d4c7957be2a6b843b613c3ff5ca46b1264c37871db063eeab32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311675", "to_ids": true, "type": "ssdeep", "uuid": "c69dc7c2-d97c-45fc-a324-4e5247964f89", "value": "3072:jCiLqnCobdUyn/EXH/dCegzusEpckVPxIiTX0xa+h:dLuPN/EXfdeY04+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311675", "to_ids": false, "type": "size-in-bytes", "uuid": "91661f37-a41a-480c-97f8-7416fe178b9f", "value": "113664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311675", "to_ids": true, "type": "vhash", "uuid": "01dff3f9-6c41-4043-bbde-9d982e78a586", "value": "115066655d151d055088z56hz13z51z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311675", "to_ids": true, "type": "filename", "uuid": "714ec929-a3ff-470e-9e93-47a95fea6ef8", "value": "de7fa8bfa30a4d4c7957be2a6b843b613c3ff5ca46b1264c37871db063eeab32.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311675", "to_ids": false, "type": "text", "uuid": "a827f05f-2dcf-4f48-bab5-434ce77e7fb3", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:25/72\nFirst Submission:2026-04-20T23:07:45.000000+00:00\nLast Submission:2026-04-20T23:07:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545131", "uuid": "435b8075-0ba0-4e56-a5d5-d46835589a7e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545130", "to_ids": true, "type": "md5", "uuid": "7263741e-92df-4b46-9fc5-03a694ede662", "value": "9ca0ed43876c52725a22d54791855de1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545130", "to_ids": true, "type": "sha1", "uuid": "bf283eea-df77-4b1f-8d2a-a2292658dc44", "value": "d1beeb42406c9e1abaab903e68fcf38bff3e7253", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545131", "to_ids": true, "type": "sha256", "uuid": "e5167b0f-0153-42a2-aa36-9f28c2af236f", "value": "deb8a3c387741d25834f3a25e4c0ae2ef44fbbc30871f818ab5b588115eb657b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311697", "to_ids": true, "type": "ssdeep", "uuid": "615ba8cd-592b-4883-b1e3-d135ff22d31e", "value": "3072:rEQ8UHW0N9XprHEuXoNLJxSjjtD31Qjy:PWCtuu4s9Dajy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311697", "to_ids": false, "type": "size-in-bytes", "uuid": "e1c163b2-80ce-44e8-a1bf-957194759384", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311697", "to_ids": true, "type": "vhash", "uuid": "c1f62e95-3e04-46aa-9a24-cbfc4470e8dd", "value": "115066655d155d055018z5anz3ez3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311697", "to_ids": true, "type": "filename", "uuid": "7cc99e3b-f642-4d56-b7d6-33ea3d496dfb", "value": "deb8a3c387741d25834f3a25e4c0ae2ef44fbbc30871f818ab5b588115eb657b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311697", "to_ids": false, "type": "text", "uuid": "fb1a7a9d-1273-4a1c-8674-38ed22eda037", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-20T22:57:15.000000+00:00\nLast Submission:2026-04-20T22:57:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545133", "uuid": "b85d84a0-ef82-4de8-a1ea-6106e9103ed8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545133", "to_ids": true, "type": "md5", "uuid": "f42cc2d6-0765-4879-bcaa-c5dc22398d26", "value": "50da77725aa6190bc49722e9d2f69713", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545133", "to_ids": true, "type": "sha1", "uuid": "ba5acfe1-53f8-4ea1-b568-964657ddc4ae", "value": "5ad166bfc4fc1f623007f60d36dc5db92319297e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545133", "to_ids": true, "type": "sha256", "uuid": "f371cb15-bcbd-461b-b2f9-4920c03e4fae", "value": "e1336fd9d1a22d26e2edc3c186dc9d157dd03c833a28dd0cfccb0e58cd1c5a2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311740", "to_ids": true, "type": "ssdeep", "uuid": "6dfac419-6f79-4bf5-a1db-98fe4b980802", "value": "3072:vunU5V3RNUOiGyAQbnA8i9tIoyfm2GgzskZpgyzfWHDrB7ijPGyuIWCmvVyHXvGq:Oe3bUT+MnA8i7CGc06" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311740", "to_ids": false, "type": "size-in-bytes", "uuid": "96808554-0b4d-4044-967f-bc714562c1d8", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311740", "to_ids": true, "type": "vhash", "uuid": "33d3afe0-d998-4606-b13d-b4472b941dc0", "value": "115066655d155d055048z517z209bz31z49z11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311740", "to_ids": true, "type": "filename", "uuid": "696b6de1-6b3f-4927-8299-b3f27311ac23", "value": "e1336fd9d1a22d26e2edc3c186dc9d157dd03c833a28dd0cfccb0e58cd1c5a2b.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311740", "to_ids": false, "type": "text", "uuid": "19bdbba3-0a53-46a9-9d05-35b049488efc", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.VGY!MTB\nVT Total Detection:47/71\nFirst Submission:2026-04-20T23:47:02.000000+00:00\nLast Submission:2026-04-20T23:47:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545136", "uuid": "c7eb1b43-e82b-49da-a53f-08c9ef6f145b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545135", "to_ids": true, "type": "md5", "uuid": "bfb7b655-d62d-463d-acfc-ecaf0812f60b", "value": "dde9b5aa3d9b44c3a56762697603fbc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545136", "to_ids": true, "type": "sha1", "uuid": "e41a44b2-0eeb-41c3-b69c-ebe0ddb2a117", "value": "7d3e156bf4e07cc4d4bdc84e8dd011c18f1c1575", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545136", "to_ids": true, "type": "sha256", "uuid": "2cebd6d4-b0bd-4f72-bd6d-b7679bbcfb8c", "value": "e39b82aadc9e5db230dd0bf2730113497bebf395c09b4ec4c3e2ad9e325499ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311762", "to_ids": true, "type": "ssdeep", "uuid": "bf001c2d-2c9b-45fd-83b4-867c0578eb48", "value": "3072:HjRoTuKPYGd9QbAQR+aw0HWvmXO/2iePL3zfbHsYr//TGWwd5175c7SG4ex8lZEJ:do6KAkMAQR+701gs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311762", "to_ids": false, "type": "size-in-bytes", "uuid": "2b93d97d-6f59-47fb-b6fa-ba335709a390", "value": "107008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311762", "to_ids": true, "type": "vhash", "uuid": "3f119319-6f6d-42c5-af88-bcbbabb51aa8", "value": "115066655d155d055018z57nz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311762", "to_ids": true, "type": "filename", "uuid": "59632cd9-d1ea-4141-8864-21e5623cc56b", "value": "e39b82aadc9e5db230dd0bf2730113497bebf395c09b4ec4c3e2ad9e325499ce.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311762", "to_ids": false, "type": "text", "uuid": "f3846a75-0b87-456f-877f-32a84121b0b1", "value": "Type Description: Win32 DLL\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:19/72\nFirst Submission:2026-04-20T23:07:34.000000+00:00\nLast Submission:2026-04-20T23:07:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545139", "uuid": "2fe430a2-c852-4a27-b655-d5b036680868", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545138", "to_ids": true, "type": "md5", "uuid": "40e00e03-d26a-45ac-af2b-f95315a0afb1", "value": "9f26abeae28ed4c1ebb6f5e58885af7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545138", "to_ids": true, "type": "sha1", "uuid": "fbe96ff1-c9ca-499f-adf0-a6889d248534", "value": "7e7642adda2784d3c3b876ab75595b9ec0276c71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545139", "to_ids": true, "type": "sha256", "uuid": "3703701c-0658-4823-8276-f665a7acbdc6", "value": "e3de9346491d8922e5cc364a8ca5c4d647d72c4a34aa26d1758c796a6e3e1bd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311783", "to_ids": true, "type": "ssdeep", "uuid": "657d1c1d-5a0f-45f0-8873-314c34824af4", "value": "3072:hMTeXQwDasaAmiTQhAS/xYN0751756565rnIryH//C9cK:MeXbuFaTcAS/0dPZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311783", "to_ids": false, "type": "size-in-bytes", "uuid": "25c7e539-25ff-4342-8b92-4b1ae849151a", "value": "104448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311783", "to_ids": true, "type": "vhash", "uuid": "f2084c7f-bf10-4581-8998-d241732b1dc4", "value": "115066655d155d055az4enz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311783", "to_ids": true, "type": "filename", "uuid": "0454db1c-4401-4953-be5c-42c9934b21d5", "value": "e3de9346491d8922e5cc364a8ca5c4d647d72c4a34aa26d1758c796a6e3e1bd7.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311783", "to_ids": false, "type": "text", "uuid": "fa541d99-cc0b-48f1-bf14-44954b4c76f4", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T22:54:29.000000+00:00\nLast Submission:2026-04-20T22:54:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545141", "uuid": "dcd6a4ef-5455-4bfc-9140-48bab1ff6917", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545140", "to_ids": true, "type": "md5", "uuid": "d6a0744f-c58d-47c0-84ed-001e75c26ee4", "value": "98806863dd17aa9f1ed35392b18cba55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545141", "to_ids": true, "type": "sha1", "uuid": "e53ad3aa-a877-4ec4-9cca-464df17ae84d", "value": "6f7e54de8f6854e5cb15dd64a985f04d22f64863", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545141", "to_ids": true, "type": "sha256", "uuid": "127c6991-e9a3-4973-85b4-4f7edcce681a", "value": "e95821952c985634fb5ad257023960d4936b9d33a449d2fd02c847f829f27af2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311805", "to_ids": true, "type": "ssdeep", "uuid": "97d63f2c-b70a-40bf-aded-41218a544061", "value": "196608:VJ5JQaPHrQqXs140qMhu8369sV+HLz9SKUeNdDhHidVRTKM8VP+nUMZni4zg:VnJQaPHrQqXs140qMhu8369sV+HLz9SE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311805", "to_ids": false, "type": "size-in-bytes", "uuid": "abafda7f-4a21-4356-be86-a679e9fdb6fc", "value": "7112192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311805", "to_ids": true, "type": "vhash", "uuid": "f76910a0-7411-4a87-9f03-1f0b2290dae1", "value": "076066655d6576757054z1500857z5125z12z4303dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311805", "to_ids": true, "type": "filename", "uuid": "093a0f23-fd1c-47b5-87cb-0c94327fb685", "value": "XWormLoader.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311805", "to_ids": false, "type": "text", "uuid": "2011e550-f994-48d3-94e4-25eed65ff50a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:14:52.000000+00:00\nLast Submission:2026-04-20T23:14:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545144", "uuid": "5a6fb552-1f9e-47ad-83c0-b52cd125e9f4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545143", "to_ids": true, "type": "md5", "uuid": "3beb881f-f46b-45ff-b524-72d7f9e711fd", "value": "8ee2aea1380b45e1e2c5605befcefe5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545143", "to_ids": true, "type": "sha1", "uuid": "aec43046-fdc3-4c96-bc12-7a5219f15681", "value": "a697e898824523c91ebfe6c6b1081ec2a1716b87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545144", "to_ids": true, "type": "sha256", "uuid": "bc28dcec-1414-4d24-b9b6-e7836f9a3e32", "value": "ea54242618c2307e24722d47a4ef5a9fe84c7025a2e7dd3fbaa76e057bf7c5a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311827", "to_ids": true, "type": "ssdeep", "uuid": "a4b71b83-0d74-47b5-a052-5f1bfc3f96ee", "value": "1572864:PW+4eWm5HCPjfFiJyU5mfwlWTTgKXKYRzPbpjg3us4DGkJ5zCzlH2iqxwVggpuvH:OOIf1XKKJN3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311827", "to_ids": false, "type": "size-in-bytes", "uuid": "2e721f8e-0ed5-4efc-8a49-bef66dd8a4c5", "value": "163333632" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311827", "to_ids": true, "type": "vhash", "uuid": "abdb1ba3-cd93-4df3-821e-f7b13f30ac5c", "value": "0180f6656d556515501614z152zff3z22z143za7z3001f334zb43" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311827", "to_ids": true, "type": "filename", "uuid": "1019ef2d-d81a-4a01-bc5e-a34fb0776870", "value": "Session" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311827", "to_ids": false, "type": "text", "uuid": "70494c6f-5a32-4b4a-898c-5833786b7e3a", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/70\nFirst Submission:2024-09-30T06:28:11.000000+00:00\nLast Submission:2025-06-12T16:00:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545146", "uuid": "275f2949-f868-46e9-b656-ffc6c175c4d6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545145", "to_ids": true, "type": "md5", "uuid": "16395dd9-9164-40e8-8d33-d3cbf21cee0f", "value": "450de644465dd172b6e2adc07636bfa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545146", "to_ids": true, "type": "sha1", "uuid": "310dc2ef-be9d-41d8-8ab7-f329abb4661f", "value": "454b6f64144df1a5a57b76a4d4f734db2d14744b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545146", "to_ids": true, "type": "sha256", "uuid": "39f6e68d-b302-4d35-8a3e-6179598aa4a8", "value": "f175082a5ae7fe14c0d930efd205e168cdc284ae100f86b4da63b87c242036d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311933", "to_ids": true, "type": "ssdeep", "uuid": "df6e053b-2b28-4ec2-9e28-64c7c396cc25", "value": "3072:/P/GUyB0xvTspGp0vjyZHYd+r6qqTfoJF/k:eUlxvTOGMyBh6of/k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311933", "to_ids": false, "type": "size-in-bytes", "uuid": "05944579-e4e2-4aaa-a5b2-e33f9802bf12", "value": "109568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311933", "to_ids": true, "type": "vhash", "uuid": "d0dcf778-aaf9-4e67-a972-f47d637974ee", "value": "115066655d155d055018z5d7z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311933", "to_ids": true, "type": "filename", "uuid": "19b674d7-2ed9-4da3-9505-d6393b4bdd14", "value": "f175082a5ae7fe14c0d930efd205e168cdc284ae100f86b4da63b87c242036d5_nethost.dll" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311933", "to_ids": false, "type": "text", "uuid": "e9a7b6cc-4b58-49f5-b7e7-91a651c5b134", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:46/71\nFirst Submission:2026-04-20T23:06:58.000000+00:00\nLast Submission:2026-04-20T23:06:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545148", "uuid": "798cbdda-dc31-40e7-898c-686bab27dc0d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545147", "to_ids": true, "type": "md5", "uuid": "1ba65601-a21b-45a5-93d7-b45d725a035c", "value": "02790f2215163d67740913c73356c244", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545148", "to_ids": true, "type": "sha1", "uuid": "c0fb67ab-4f70-4057-964e-0be6dd906656", "value": "5cafa0a308a2ee428087f07841710cac42bcd741", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545148", "to_ids": true, "type": "sha256", "uuid": "427fc446-fb14-4308-af61-8d65a59e3578", "value": "f3002ef1164022f0ef93e50d2528da5e9670852df6ed00121c61764d465953c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311955", "to_ids": true, "type": "ssdeep", "uuid": "e4e89098-44e1-4969-a52f-d246be3739e9", "value": "384:2SqD9rVW6tQyJxH7Iw7H/YL3mckVPxIiTrBX3qWLkN:29D9rMhWJIOHsmckVPxIiTp3B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311955", "to_ids": false, "type": "size-in-bytes", "uuid": "fcd49a88-bea1-47ff-8aa2-d6a5aa0a4df8", "value": "18944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311955", "to_ids": true, "type": "vhash", "uuid": "949bd5f3-15d3-4d32-82da-05e74c720809", "value": "1140b75d1515151c051d1048z191mz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311955", "to_ids": true, "type": "filename", "uuid": "4f19334d-e095-4512-95f4-26a0eff1cb6f", "value": "f3002ef1164022f0ef93e50d2528da5e9670852df6ed00121c61764d465953c2.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311955", "to_ids": false, "type": "text", "uuid": "340340b3-8608-495f-bad8-b689f13b511a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:22/72\nFirst Submission:2026-04-21T06:03:37.000000+00:00\nLast Submission:2026-04-21T06:03:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545151", "uuid": "f0395ca0-b95b-4fa8-8750-6245d908fda3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545150", "to_ids": true, "type": "md5", "uuid": "bb900b3d-4311-45a7-9a6a-d5ad254c5413", "value": "c5a58a8d58c93434eefb83aeebc73059", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545150", "to_ids": true, "type": "sha1", "uuid": "65759d3c-d5a5-4e5c-ad84-1d0970071f5d", "value": "f67366b54a5fa3cbcffb8e3229a99697e6943c64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545151", "to_ids": true, "type": "sha256", "uuid": "78c2949b-4cf7-4991-9d79-8726e0c8f8aa", "value": "f3c8ac0d85dbb2f01ada2071d947de5a11ace8c1b2969004f53ec782a61f3e2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311976", "to_ids": true, "type": "ssdeep", "uuid": "f561b26d-4d62-4528-bf8b-fd14525b7abe", "value": "3072:Qdw50aYcaKf0duwCqeYKhXFBEVJsxvDbEKT:b5FY60M3YaYoYE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311976", "to_ids": false, "type": "size-in-bytes", "uuid": "60441cb3-1888-490f-8624-39fb3c94ef59", "value": "113152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311976", "to_ids": true, "type": "vhash", "uuid": "15ef3a0e-6971-4854-8ef0-acd2d6397b10", "value": "115066655d151d055088z58hz13z5ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311976", "to_ids": true, "type": "filename", "uuid": "a5d93021-87be-4e84-a047-17117f895b74", "value": "f3c8ac0d85dbb2f01ada2071d947de5a11ace8c1b2969004f53ec782a61f3e2a.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311976", "to_ids": false, "type": "text", "uuid": "b20d0db9-9a40-4e13-aa26-8beffb116471", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-20T23:10:47.000000+00:00\nLast Submission:2026-04-20T23:10:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545153", "uuid": "8f7077e4-9ad9-4124-89f2-85e525764262", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545153", "to_ids": true, "type": "md5", "uuid": "690d3e37-375b-4fc7-b9a0-0259385bdd1d", "value": "bcaa6b8922fad5ebd9de25ac39c00a20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545153", "to_ids": true, "type": "sha1", "uuid": "c67884b7-5c98-407b-81bb-768379edd273", "value": "932bafaaa1d8e159d6ebe8ffe62fc652d9a523e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545153", "to_ids": true, "type": "sha256", "uuid": "405861b9-64da-47d6-81e1-ff13c899423d", "value": "f3e92fc9b1d1a14e24656660b839fc37c0d53af8a73dadc6698751f096f8c89b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777311998", "to_ids": true, "type": "ssdeep", "uuid": "20c32b20-a859-47d9-a44e-cc321f789f8a", "value": "1572864:4CLJwS8AAAIVO58E8MmMwviJrrDuxNq9SbMs5tS4NJEtat9u3eyAfqut+y7usi/3:TYy8MLf555" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777311998", "to_ids": false, "type": "size-in-bytes", "uuid": "58b6f7dc-c3be-4598-b440-5a162a01ac00", "value": "186384464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777311998", "to_ids": true, "type": "vhash", "uuid": "629370c7-5a2d-463a-8cfa-030a9bd6ba98", "value": "0180f6656d156550161d14z1c2zff3z52z143z77z3001f334zc59" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777311998", "to_ids": true, "type": "filename", "uuid": "70e7f623-99d2-49d8-ab32-8c4ba1ba50f9", "value": "Evernote" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777311998", "to_ids": false, "type": "text", "uuid": "4c7f2081-4e73-4377-91ea-ffc15ed55cbd", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2024-11-19T18:09:04.000000+00:00\nLast Submission:2025-02-19T15:26:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545156", "uuid": "278012bd-fb40-44e7-b177-3e46a94ae3e4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545155", "to_ids": true, "type": "md5", "uuid": "ec8b4325-7860-4cb2-aa4d-d4dc357a4cb6", "value": "d6d48653fb4a2929cc99f48c62bb7814", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545155", "to_ids": true, "type": "sha1", "uuid": "738b6ffb-81f8-49af-b4cd-b60250e6919a", "value": "872b46180ef455f633de83ed51efd4499bbef0f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545156", "to_ids": true, "type": "sha256", "uuid": "b47846f2-75df-42f8-877b-2396611cd7fc", "value": "f4395adc2281a0c61316cc2d061a3c8e10ccea229017142bf65468fd2f723f9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777312020", "to_ids": true, "type": "ssdeep", "uuid": "326d2117-2055-4282-900a-1a849c50d5c6", "value": "6144:pHra3QnEgKkR4qVuqsra3QnEgKkR4qVuqGDR:pLiQnEgKkRzIRiQnEgKkRzIZ9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777312020", "to_ids": false, "type": "size-in-bytes", "uuid": "22a51ade-0bd7-4db6-8dbb-10b842e3e8b7", "value": "423936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777312020", "to_ids": true, "type": "vhash", "uuid": "4f57433e-3216-42f8-a49f-09d44747d335", "value": "245036155511c0829c1024" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777312020", "to_ids": true, "type": "filename", "uuid": "ad757d88-2477-4032-b492-006b686260bf", "value": "PE.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777312020", "to_ids": false, "type": "text", "uuid": "57f2a6c6-9dc2-465d-8577-cb77c613e266", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:36/71\nFirst Submission:2026-01-31T05:55:24.000000+00:00\nLast Submission:2026-01-31T05:55:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545158", "uuid": "1bb9a8b8-5433-4233-bb50-135e46d9c37c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545158", "to_ids": true, "type": "md5", "uuid": "478b975b-534f-423c-b078-442aa28b08a6", "value": "6c4db977b74639c18c13181a45a85c28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545158", "to_ids": true, "type": "sha1", "uuid": "d7090d3e-de73-495c-9632-54fc6a6b1907", "value": "ef7aad71da3d2f6bdcf8b05179757cd54e1dba5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545158", "to_ids": true, "type": "sha256", "uuid": "a6b8aaf1-9c08-4ee1-8652-7f6d307a967c", "value": "f5bca83fea9b4e43f8ceb3ebc453b2cf0f3be8d5cecbc5a7681c75ef567a5c53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777312063", "to_ids": true, "type": "ssdeep", "uuid": "fb82f007-95c2-422c-80d0-a501238e8f94", "value": "1536:lSS28AvV9hYi2pQ8paAk8FdkTH4S1s8BKJ6TocMvUxETsWhXdM9dlr0PLg5jBK:svz68dA1Fd4Yu46T/MMxmNkV0PLg5jB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777312063", "to_ids": false, "type": "size-in-bytes", "uuid": "2f427f4a-bc1a-4240-b176-a5503ce4986b", "value": "113152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777312063", "to_ids": true, "type": "vhash", "uuid": "a79e1058-0634-4b6e-840b-726a012419cf", "value": "115066655d151d055088z57hz13z51z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777312063", "to_ids": true, "type": "filename", "uuid": "dada0608-e1bc-4f37-b5e8-847a0d38ed15", "value": "lrhc6u.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777312063", "to_ids": false, "type": "text", "uuid": "13906f94-19c4-443b-a252-f895defb1f63", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/XWorm.SXB!MTB\nVT Total Detection:44/71\nFirst Submission:2026-04-20T23:17:35.000000+00:00\nLast Submission:2026-04-20T23:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545162", "uuid": "1939a179-656a-4131-8fa8-0bbf93e7a8e2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545160", "to_ids": true, "type": "md5", "uuid": "ea05d87b-1605-4c94-a794-db095e876a96", "value": "ac54e0d456c3f263af898175e2037935", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545161", "to_ids": true, "type": "sha1", "uuid": "8878358b-3d72-40bf-a532-ca2c36ecff7a", "value": "94371f52a0e351313924d9cd35bb2a8a880f9fc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545162", "to_ids": true, "type": "sha256", "uuid": "76fccadd-ede9-4c69-b164-21801a7836d6", "value": "f5ebebae395a538ee55b850c09eaf4d984b16c3a12b0a305091022daf5ae30e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777312106", "to_ids": true, "type": "ssdeep", "uuid": "760ef832-cbf5-43dc-aede-037be5a1c24e", "value": "3072:I/azEnyFSpckqn/JqxJxSjjwbckVPxIiTRQfol:IuEyY2n0Eg6fol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777312106", "to_ids": false, "type": "size-in-bytes", "uuid": "0fcab013-4558-46a8-9953-27fa559e20b1", "value": "110080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777312106", "to_ids": true, "type": "vhash", "uuid": "12100767-eef4-4d7b-87e1-13a7fe77a76a", "value": "115066655d155d055018z5anz3dz11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777312106", "to_ids": true, "type": "filename", "uuid": "50675be0-6601-4329-9d8c-b5554af7dee0", "value": "f5ebebae395a538ee55b850c09eaf4d984b16c3a12b0a305091022daf5ae30e1.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777312106", "to_ids": false, "type": "text", "uuid": "525fba6c-6dcb-4371-a576-6fb16b3285da", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.C!ml\nVT Total Detection:15/72\nFirst Submission:2026-04-20T23:17:34.000000+00:00\nLast Submission:2026-04-20T23:17:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545165", "uuid": "125ef6ff-58e2-4db6-99a5-df837af9bc07", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545164", "to_ids": true, "type": "md5", "uuid": "a5d19d92-9314-475f-ad34-2705c57b21d4", "value": "9cd67a13c350820d05b38be042d34e50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545164", "to_ids": true, "type": "sha1", "uuid": "6eb46b5f-2df7-4bd6-a3ca-74b7f5cfe5ff", "value": "d9791447bcbf41a2ea3ae79c778233024ab0ff3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545165", "to_ids": true, "type": "sha256", "uuid": "b02f0179-8ea8-4618-99b0-e5d5b85ac078", "value": "fc5379b558a1fffa024063a183959199845b50031c80aa48792064d7b20934a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777312149", "to_ids": true, "type": "ssdeep", "uuid": "d5664da4-b033-4dcd-984c-26a5570697eb", "value": "3072:iEe/mXk5DIMGyCQbUAdtE/TvrXT/7nM4L3zm2Q9ZVbZacTChsrf2k:ioXiDb0MUAdtu0t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777312149", "to_ids": false, "type": "size-in-bytes", "uuid": "f15ec850-7446-4259-9b1e-571aff9a4a74", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777312149", "to_ids": true, "type": "vhash", "uuid": "5fa7a198-6eb7-4928-aecb-fa67d5a3a8f0", "value": "115066655d155d055az56nz3ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777312149", "to_ids": true, "type": "filename", "uuid": "8a97d075-4668-4234-96b1-1aa696bf67cd", "value": "fc5379b558a1fffa024063a183959199845b50031c80aa48792064d7b20934a0.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777312149", "to_ids": false, "type": "text", "uuid": "c11aba24-febd-4d7c-a50a-4d52a4335ac5", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-20T23:10:39.000000+00:00\nLast Submission:2026-04-20T23:10:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545167", "uuid": "dab38a95-dd7f-441c-a105-ac3fb6e27b23", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545166", "to_ids": true, "type": "md5", "uuid": "b92d4cbd-4386-412d-aa15-085110c4946f", "value": "66e4e34f739d35b308217921fd4a6649", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545167", "to_ids": true, "type": "sha1", "uuid": "9b192765-4cbe-4a5a-9ccb-ace59a10a84f", "value": "482533baa7929bd157c1b1f36e405f98272366dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545167", "to_ids": true, "type": "sha256", "uuid": "315c177e-342a-4cda-898b-fccf869b0e5b", "value": "fe3ddef235a62941b2358d67089023e2650efa0e04bdf927f4ae2a07cb43d392", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777312170", "to_ids": true, "type": "ssdeep", "uuid": "e0282768-5c65-44d7-8c62-f425bd77b35f", "value": "3072:I6Jmr+iAoqMBKAWyCnQdH6dG+SHVX/oXI81G4QlD:IBr4ohYG6d1S1jN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777312170", "to_ids": false, "type": "size-in-bytes", "uuid": "4c2149fa-6840-4ccb-b96b-d070269360a0", "value": "147968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777312170", "to_ids": true, "type": "vhash", "uuid": "17f783b1-1c39-49ec-98f4-a3f1448276c8", "value": "015066655d155d055az4anz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777312170", "to_ids": true, "type": "filename", "uuid": "3f7491ba-da48-46a4-b142-8a828563cf29", "value": "fe3ddef235a62941b2358d67089023e2650efa0e04bdf927f4ae2a07cb43d392.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777312170", "to_ids": false, "type": "text", "uuid": "83f09707-4049-4fd7-b1db-97023ab85c8b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:29/71\nFirst Submission:2026-04-21T00:46:12.000000+00:00\nLast Submission:2026-04-23T04:56:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545170", "uuid": "98c2cce7-2e83-4ef6-94da-3b942df56461", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545169", "to_ids": true, "type": "md5", "uuid": "30b28ced-c980-4119-b852-9e07fbdac1a5", "value": "48512fd657d80c8df8eacdae1a6e7f50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545169", "to_ids": true, "type": "sha1", "uuid": "05217800-d25d-45b4-92c8-259c86af2d97", "value": "647b7ef6c705eb043752308dfb94b581446a119c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545170", "to_ids": true, "type": "sha256", "uuid": "a0e351cf-0577-4e07-8c88-414f111db16a", "value": "ff2a0e8e8d8a536bd506d9b79b9db5f2435dc20060f724e040838c1a71b39600", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777312192", "to_ids": true, "type": "ssdeep", "uuid": "565dcaba-575c-46bc-bac7-86b419c5f1cc", "value": "3072:sTSriAfIJGupGCBQbfQMPOGQs/GWmATME5JAST/2njLhbCDvmSOo2iePG3ufWCMf:5fSGwDMfQMP5A4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777312192", "to_ids": false, "type": "size-in-bytes", "uuid": "e0d589fa-37f5-40a2-a172-1427cbf98170", "value": "105984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777312192", "to_ids": true, "type": "vhash", "uuid": "9db20d37-ecf4-4de3-aca3-2f5d86b2966d", "value": "115066655d155d055az567z209bz31z4az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777312192", "to_ids": true, "type": "filename", "uuid": "75914a08-0b32-4aab-8621-22c83b0a7669", "value": "lnlinhcpb.exe" }, { "category": "Other", "comment": "Checked: 27/04/2026\nLast-scan\t: 24/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777312192", "to_ids": false, "type": "text", "uuid": "e77e5688-af10-4818-b856-603567e23c4f", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:32/71\nFirst Submission:2026-04-24T10:09:19.000000+00:00\nLast Submission:2026-04-24T10:09:19.000000+00:00" } ] } ] } }