{ "Event": { "analysis": "1", "date": "2026-05-13", "extends_uuid": "", "info": "[Threat Intel] LBIOC-20260071 - The Gentlemens Leak", "protected": false, "publish_timestamp": "1779547218", "published": true, "threat_level_id": "2", "timestamp": "1779547217", "uuid": "7deedbeb-d693-43a5-a067-afbaf9b06834", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"the gentlemen\"", "relationship_type": "" }, { "colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": "" }, { "colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": "" }, { "colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": "" }, { "colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": "" }, { "colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": "" }, { "colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": "" }, { "colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": "" }, { "colour": "#3970d7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": "" }, { "colour": "#b2a633", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": "" }, { "colour": "#dac154", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": "" }, { "colour": "#fda248", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Services - T1569\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"", "relationship_type": "" }, { "colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": "" }, { "colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": "" }, { "colour": "#f8140a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1778670007", "to_ids": false, "type": "text", "uuid": "48b5b066-9a48-4fb4-b903-705402ae2139", "value": "The Gentlemen is an active ransomware and extortion operation that emerged publicly in the second half of 2025, rapidly escalating into a high-volume threat actor. The group appears to be a continuation or reorganization of prior ransomware affiliate activity, with reported connections to the Qilin ecosystem and the Russian-speaking actor 'hastalamuerte.' This growth likely reflects existing ransomware experience, affiliate relationships, and access to established resources. Underground sources indicate attempts to sell data allegedly connected to The Gentlemen ransomware activity, though the available information lacks sufficient victim-specific or technical details to confirm authenticity. The operation utilizes SystemBC for command and control communications and deploys ransomware variants targeting both Windows and Linux systems." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1778670007", "to_ids": false, "type": "text", "uuid": "f26c766e-071b-48a6-ad2e-520ee3326651", "value": "Name: LBIOC-20260071 - The Gentlemens Leak\nAuthor: AlienVault\nAdversary: The Gentlemen\nTags: [\"hastalamuerte\", \"linux\", \"systembc\", \"ransomware\", \"the gentlemen\", \"affiliate\", \"data-leak\", \"windows\", \"powerrun\", \"killav\", \"qilin\", \"extortion\"]\nTgtd countries: []\nMlwr families: [\"The Gentlemen\", \"SystemBC\", \"KillAV\", \"PowerRun\"]\nAttack_ids: [\"T1047\", \"T1489\", \"T1082\", \"T1071\", \"T1016\", \"T1090\", \"T1059\", \"T1083\", \"T1049\", \"T1497\", \"T1204\", \"T1057\", \"T1027\", \"T1486\", \"T1573\", \"T1569\", \"T1018\", \"T1105\", \"T1490\", \"T1529\"]\nIndustries: []" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1778670007", "to_ids": false, "type": "threat-actor", "uuid": "17932e6b-5b5e-4558-9b9f-000ec13ae560", "value": "The Gentlemen" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001209", "to_ids": true, "type": "ip-dst", "uuid": "caee1f01-77d7-46a0-9700-6a379328f2aa", "value": "91.107.247.163", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001230", "to_ids": true, "type": "ip-dst", "uuid": "279c4e76-c63c-4efb-95ec-cb6e401e211e", "value": "45.86.230.112", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547215", "to_ids": true, "type": "sha256", "uuid": "fa75d2df-4307-4075-bac0-62c447dd96f6", "value": "c46b5a18ab3fb5fd1c5c8288a41c75bf0170c10b5e829af89370a12c86dd10f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547217", "to_ids": true, "type": "sha256", "uuid": "9446bd1e-5041-4089-987f-e542ce717d30", "value": "fe1033335a045c696c900d435119d210361966e2fb5cd1ba3382608cfa2c8e68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778980193", "to_ids": false, "type": "link", "uuid": "ab07e395-9f19-4bc5-af62-b03cbb74cf1b", "value": "https://radar.offseq.com/threat/lbioc-20260071-the-gentlemens-leak-c18cd0f4" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547159", "uuid": "8ddf37f2-643e-449a-b0aa-267ed12beb43", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547158", "to_ids": true, "type": "md5", "uuid": "b9a66a8e-e558-4af8-9673-53e3fb6a1554", "value": "a88daa62751c212b7579a57f1f4ae8f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547158", "to_ids": true, "type": "sha1", "uuid": "03a29851-713d-4b72-9d1a-891eb09d5b34", "value": "c0979ec20b87084317d1bfa50405f7149c3b5c5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547159", "to_ids": true, "type": "sha256", "uuid": "2e0edf9a-f98d-44ac-9864-27d9151bfef3", "value": "7a311b584497e8133cd85950fec6132904dd5b02388a9feed3f5e057fb891d09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997169", "to_ids": true, "type": "ssdeep", "uuid": "ba9e5839-0e1e-43f5-b2cf-3c04239a7b53", "value": "49152:wy5C2QEHBlOJFZycoQbNiT53WE19+5ha0qDpCa8yv:wy5jBlOJFg99+5ha0qDpCa8yv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997169", "to_ids": false, "type": "size-in-bytes", "uuid": "ce60146a-28fd-45c2-9f38-3e247525c01e", "value": "3179642" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997169", "to_ids": true, "type": "vhash", "uuid": "06102048-c616-48e3-bb9e-c36a61f8b070", "value": "0361476d1555655c0d1d1068z523z2@z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997169", "to_ids": true, "type": "filename", "uuid": "54ef849f-73b5-4332-aa2b-5ff3259492ef", "value": "7a311b584497e8133cd85950fec6132904dd5b02388a9feed3f5e057fb891d09.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 09/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997169", "to_ids": false, "type": "text", "uuid": "d2ce3e21-90d1-4287-bde3-5df850bd7a76", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/RinkhalsTamper.A\nVT Total Detection:55/71\nFirst Submission:2024-12-21T14:55:45.000000+00:00\nLast Submission:2025-08-07T17:17:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547161", "uuid": "1fbdc5e7-b2e4-4c6f-9ce1-8816e8c490e4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547161", "to_ids": true, "type": "md5", "uuid": "c02209cb-a410-4842-9d68-16355dbeed3d", "value": "408dd6ade80f2ebbc2e5470a1fb506f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547161", "to_ids": true, "type": "sha1", "uuid": "4f3128c3-d5f9-4d44-a7e0-d9c2a46b03a1", "value": "e00293ce0eb534874efd615ae590cf6aa3858ba4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547161", "to_ids": true, "type": "sha256", "uuid": "5a5d01b2-a3b1-4f51-bf9d-2bef970f1628", "value": "4c82fbafef9bab484a2fbe23e4ec8aac06e8e296d6c9e496f4a589f97fd4ab71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997191", "to_ids": true, "type": "ssdeep", "uuid": "d66df4fc-d30f-4c50-9975-40467bc47f49", "value": "12288:faWzgMg7v3qnCiLErQohh0F4cCJ8lnyuQ4BgWlRPT03:CaHMv6CTrjcnyuQ4hRPo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997191", "to_ids": false, "type": "size-in-bytes", "uuid": "a60d53fd-7c48-4e41-b256-fb3f6b21af8e", "value": "783016" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997191", "to_ids": true, "type": "vhash", "uuid": "47ba49f9-38e1-4d56-81e4-b1c0fc843f9b", "value": "075046655d156220b02002300a66z1410043ze2za0030e039z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997191", "to_ids": true, "type": "filename", "uuid": "eb6d7436-9093-467f-9796-e58f1334bbfa", "value": "PowerRun.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997191", "to_ids": false, "type": "text", "uuid": "207d7ee6-b30f-4c7b-9ead-cd35900d3824", "value": "Type Description: Win32 EXE\nMicrosoft: HackTool:Win32/PowerRun!AMTB\nVT Total Detection:32/71\nFirst Submission:2022-02-02T10:41:48.000000+00:00\nLast Submission:2026-05-16T22:48:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547165", "uuid": "6b278398-8675-4efd-822f-55acfbe1e1cf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547164", "to_ids": true, "type": "md5", "uuid": "712c9aee-373d-4460-9958-de33f22c029a", "value": "4200b46a93c6ab059e2b34ce200c4a5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547164", "to_ids": true, "type": "sha1", "uuid": "2148b4e8-e575-4524-a668-29f61ee6ba3c", "value": "42bcc743c71a9ea083c1c750a398110582796762", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547165", "to_ids": true, "type": "sha256", "uuid": "d76f681a-b211-4382-90eb-4f2ed736e786", "value": "3ab9575225e00a83a4ac2b534da5a710bdcf6eb72884944c437b5fbe5c5c9235", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997213", "to_ids": true, "type": "ssdeep", "uuid": "bf1ad410-1f1c-40c6-a124-bf38251bc468", "value": "49152:Dl5LxQaoySboC9C5ZtPzKgv5bQgZ3tA5m25ElcY:DHS3EX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997213", "to_ids": false, "type": "size-in-bytes", "uuid": "00908b8c-9b98-4eac-b39e-20117e728190", "value": "2962944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997213", "to_ids": true, "type": "vhash", "uuid": "2e987947-4c89-4c32-918d-45a72677d742", "value": "026086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997213", "to_ids": true, "type": "filename", "uuid": "fd37bc0c-6d59-411f-a568-59b20ac1273a", "value": "3ab9575225e00a83a4ac2b534da5a710bdcf6eb72884944c437b5fbe5c5c9235.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997213", "to_ids": false, "type": "text", "uuid": "facbac7d-f1d8-467d-af05-23d29f050ebc", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:55/71\nFirst Submission:2025-10-19T16:58:34.000000+00:00\nLast Submission:2026-05-15T13:53:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547167", "uuid": "34b099cb-9e47-41ed-b8bb-910138aeed0e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547167", "to_ids": true, "type": "md5", "uuid": "366e8305-315a-4aa3-b237-4e48853a02d8", "value": "de1a114a2c5552387a1bbb61501bf129", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547167", "to_ids": true, "type": "sha1", "uuid": "91937850-0a08-4157-805f-7ab42ba1f10c", "value": "d6aaed67606d6dab0f652c755d3d363025f60adb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547167", "to_ids": true, "type": "sha256", "uuid": "d3329bee-adc8-4251-9b7f-a24f7b204141", "value": "62c2c24937d67fdeb43f2c9690ab10e8bb90713af46945048db9a94a465ffcb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997235", "to_ids": true, "type": "ssdeep", "uuid": "c4de668e-a0ed-48c8-aa21-1a1c50a89e1b", "value": "49152:NZOwuHOMjxbtjNE9EJv9Jh1bPgZDts5mm5ElcY:NCxH/EX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997235", "to_ids": false, "type": "size-in-bytes", "uuid": "f3229bae-9618-4d95-84a8-20ea8a608ccb", "value": "3280900" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997235", "to_ids": true, "type": "vhash", "uuid": "41ee237a-9cd9-467d-af75-9613a40288d8", "value": "036086655d55551d1554bz2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997235", "to_ids": true, "type": "filename", "uuid": "18332091-aa80-4c27-816a-c7d3ec429e61", "value": "6bxljka.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997235", "to_ids": false, "type": "text", "uuid": "6ea5fa47-5f6c-4ccb-aed8-dd4a66fc821b", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:49/71\nFirst Submission:2025-12-01T15:12:54.000000+00:00\nLast Submission:2025-12-01T15:12:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547170", "uuid": "1939bfc8-2af1-4430-a084-67755c9a00a2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547169", "to_ids": true, "type": "md5", "uuid": "9feb85bd-df73-4bc2-bdfc-0af7e6f82aa5", "value": "0b33a1a23b044beb5c9a63aafd35595c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547170", "to_ids": true, "type": "sha1", "uuid": "dee95dc3-499b-4709-9d6d-3520e4b5eb8b", "value": "00ff099e3cf7b548a7a0260cde8ac2f24a746da2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547170", "to_ids": true, "type": "sha256", "uuid": "c959a52c-9fb9-4aea-9686-cc44186e820b", "value": "860a6177b055a2f5aa61470d17ec3c69da24f1cdf0a782237055cba431158923", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997257", "to_ids": true, "type": "ssdeep", "uuid": "730e8968-dd55-4e4f-b7ad-178bfb02f9c5", "value": "49152:8zsqmpUIjZ89DZWWI4Zr4CkdQoUjhdZmGfi4gNJoX3kw5ElcYB9nwPDC7bODth5a:8z7mDhd5KX3kCEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997257", "to_ids": false, "type": "size-in-bytes", "uuid": "456042c8-b817-4129-96ac-49858355131d", "value": "3971072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997257", "to_ids": true, "type": "vhash", "uuid": "ac6cb0a1-a813-44d6-9bbd-4041c9d807da", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997257", "to_ids": true, "type": "filename", "uuid": "1459b5bf-0561-44c1-93e3-0cb2078e7f3e", "value": "2026-02-11_0b33a1a23b044beb5c9a63aafd35595c_amadey_coinminer_dosia_frostygoop_glassworm_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997257", "to_ids": false, "type": "text", "uuid": "0da56948-7a2c-4294-aa07-809b79ca2f3c", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:55/71\nFirst Submission:2026-02-07T19:02:20.000000+00:00\nLast Submission:2026-02-11T01:48:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547173", "uuid": "d1174a38-6df9-4f87-bd54-0a1992602278", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547172", "to_ids": true, "type": "md5", "uuid": "140e9327-01dd-44ed-ac19-24f1f58b09eb", "value": "f4ae5b89db5a6a36dbd98287ab7c860a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547172", "to_ids": true, "type": "sha1", "uuid": "17a37b25-9dcc-4180-b7e3-fd8b3ec6fcd1", "value": "36d968425629b10f38be17787f8afe4b8afa131e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547173", "to_ids": true, "type": "sha256", "uuid": "1f5c0e51-63e8-46a6-94d0-5c1be1b88731", "value": "992c951f4af57ca7cd8396f5ed69c2199fd6fd4ae5e93726da3e198e78bec0a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997278", "to_ids": true, "type": "ssdeep", "uuid": "9f45b690-a3a6-4d8e-b131-a6a93b4fa6a1", "value": "768:B8FafRsX+kyVmQzDe1NDArRjoFK/gRoJGGcra:BbsX+kyVJiosKYRo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997278", "to_ids": false, "type": "size-in-bytes", "uuid": "01c0f540-2357-4214-a2fa-7d17d482e32e", "value": "32768" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997278", "to_ids": true, "type": "vhash", "uuid": "8377e76a-7aac-4b67-b156-f52e7600d32c", "value": "034046555d551083z22z227z31z11zb012z16z37z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997278", "to_ids": true, "type": "filename", "uuid": "b5f7e9a5-f9c7-4ce5-9e9a-1256a1e3f62c", "value": "tkja.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 11/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997278", "to_ids": false, "type": "text", "uuid": "7e428fa4-a765-468a-87b7-72ba3d9bcb67", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Coroxy.A\nVT Total Detection:62/71\nFirst Submission:2026-02-26T05:09:29.000000+00:00\nLast Submission:2026-02-26T06:22:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547175", "uuid": "e650c6d2-f193-4855-bd9c-f7c0aa42598b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547174", "to_ids": true, "type": "md5", "uuid": "61937fe3-73c6-48ef-9af0-43f5123ac16a", "value": "30b49ae2f685d4403d3013410f80c2e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547175", "to_ids": true, "type": "sha1", "uuid": "10febb49-493d-486e-a9e5-8a12b691a402", "value": "68225c5613afe2174ed46e074147676b0f9a3915", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547175", "to_ids": true, "type": "sha256", "uuid": "f6d1c3af-adf6-45f4-9edf-3f3ca6081e02", "value": "8c87134c1b45e990e9568f0a3899b0076f94be16d3c40fa824ac1e6c6ee892db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997300", "to_ids": true, "type": "ssdeep", "uuid": "da6529c8-d000-42d6-83f1-844b47216bc5", "value": "49152:dI2C9Fgt/jn6UxasuojbX6VpW1KdeC8bQPUVAn5ElcYc:Gr9FgZ6UQiX6XPz5EXc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997300", "to_ids": false, "type": "size-in-bytes", "uuid": "9353dba7-bcf3-45a0-8a2d-dae64a66460b", "value": "3128320" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997300", "to_ids": true, "type": "vhash", "uuid": "946b41d9-f180-4b0a-8910-9c0a19b97f2d", "value": "036066655d7d15641az2c!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997300", "to_ids": true, "type": "filename", "uuid": "4d025bda-b397-4a17-bd52-e67d28474357", "value": "12d00z4y.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997300", "to_ids": false, "type": "text", "uuid": "5334d9e8-07df-4fc2-9e75-7f5082c66af5", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:50/71\nFirst Submission:2025-12-02T04:39:29.000000+00:00\nLast Submission:2025-12-02T04:39:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547178", "uuid": "4882eeda-6d1b-47fa-9688-aa6f565de262", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547177", "to_ids": true, "type": "md5", "uuid": "b163f66f-38b6-4a8b-bcb8-32b0440d6c65", "value": "5f5bf7fc7a9ac89ce0bbb07bd1160078", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547177", "to_ids": true, "type": "sha1", "uuid": "ba413015-721c-4ed7-97b9-ca785d310f7f", "value": "5264a94271d875675336a503c94ece0baceb58c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547178", "to_ids": true, "type": "sha256", "uuid": "d8877d88-552c-406f-9191-bb636cbf9a29", "value": "ec368ae0b4369b6ef0da244774995c819c63cffb7fd2132379963b9c1640ccd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997322", "to_ids": true, "type": "ssdeep", "uuid": "28a8f033-183f-4d64-a871-24dfbd0a78b6", "value": "49152:x4No/UEhL6jSHeHGvvYOXmkxm3DL7TiiddCj2oHMv6kw512d5ElcY:x4AnTm3DL7Tiidd/hEX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997322", "to_ids": false, "type": "size-in-bytes", "uuid": "a5e68224-3c1a-4f58-ac85-379f8871212b", "value": "3214336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997322", "to_ids": true, "type": "vhash", "uuid": "60214d92-6063-415f-9098-83566bd19b38", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997322", "to_ids": true, "type": "filename", "uuid": "c2c51bc7-543f-4217-af1b-5d3128915402", "value": "pac.dll" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997322", "to_ids": false, "type": "text", "uuid": "50da486e-42e9-4f8b-aec9-e05de6030889", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:52/71\nFirst Submission:2025-11-18T16:41:55.000000+00:00\nLast Submission:2025-12-04T08:01:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547180", "uuid": "9362088b-9b12-4705-9101-9c7bec7cbb58", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547179", "to_ids": true, "type": "md5", "uuid": "67286136-ad43-4c23-b801-44bf41bcbeba", "value": "6ae7c9a7ea0b8c40a64225734f6bd01d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547180", "to_ids": true, "type": "sha1", "uuid": "2a374123-b5da-4c4d-8a18-fd989807fb84", "value": "8468cb5888fb383d25f9144c2b2f61c414cea3f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547180", "to_ids": true, "type": "sha256", "uuid": "f3097a8b-39ba-49c6-9842-97d6b1275102", "value": "c7f7b5a6e7d93221344e6368c7ab4abf93e162f7567e1a7bcb8786cb8a183a73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997344", "to_ids": true, "type": "ssdeep", "uuid": "492e2783-d3e3-4b49-b812-11e1afcad311", "value": "49152:ailDmmQw2iK2EY2spo4/ODIujYaqZGwfh4gpvTeE5EbAk6+cJz9nwPDC7bODth5a:aiFGvbSre2EU2WzFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997344", "to_ids": false, "type": "size-in-bytes", "uuid": "9afbad18-1710-40d9-8289-8a5b9655a68f", "value": "3975680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997344", "to_ids": true, "type": "vhash", "uuid": "3855e4c5-dcc5-47ba-a5f2-05be8817cbe3", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997344", "to_ids": true, "type": "filename", "uuid": "1120da5c-6c93-4bf1-99bd-88cca2c16448", "value": "4jp2foriy.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997344", "to_ids": false, "type": "text", "uuid": "fea01f6c-62bc-42bd-af5c-da5f01fefbaf", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-03T11:22:28.000000+00:00\nLast Submission:2026-04-03T11:28:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547183", "uuid": "067ec104-aab1-49e2-aedf-cd6b959bc732", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547182", "to_ids": true, "type": "md5", "uuid": "6c2c2428-5f52-4435-ae6e-88d5716a68bd", "value": "7f11809925adc6657e84165fdf780816", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547182", "to_ids": true, "type": "sha1", "uuid": "edfb05c9-c01d-470e-a3f2-84d467361144", "value": "54a207ed34d83d1f71d34d4ad538e8221ffba259", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547183", "to_ids": true, "type": "sha256", "uuid": "4f5ae7b5-3923-4c8c-9b01-9065d51d0def", "value": "025fc0976c548fb5a880c83ea3eb21a5f23c5d53c4e51e862bb893c11adf712a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997366", "to_ids": true, "type": "ssdeep", "uuid": "5ce9c8b7-fd77-4e34-9939-45209a860dbb", "value": "49152:0ZOwuHOMjxbtjNE9EJv9Jh1bPgZDts5mj5ElcY:0CxHeEX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997366", "to_ids": false, "type": "size-in-bytes", "uuid": "996c19b5-94b0-438d-be12-11d38b4a6949", "value": "2963456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997366", "to_ids": true, "type": "vhash", "uuid": "c58c2a7a-0976-4d19-9d92-f077d267ea78", "value": "026086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997366", "to_ids": true, "type": "filename", "uuid": "c318cf34-9f85-4db1-8b5d-6aaabc51ec8f", "value": "dona.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997366", "to_ids": false, "type": "text", "uuid": "08a859ea-118c-4635-8531-1177f0f96f8d", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte!MTB\nVT Total Detection:47/71\nFirst Submission:2025-12-01T05:36:36.000000+00:00\nLast Submission:2025-12-09T03:19:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547185", "uuid": "c3da66b8-60b8-43e2-abab-408552b1daef", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547185", "to_ids": true, "type": "md5", "uuid": "89e20200-d44c-472a-bfac-d0ea7dcd6209", "value": "0a454a07e071971832985701bc6e9164", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547185", "to_ids": true, "type": "sha1", "uuid": "c387dac9-0ba7-416a-b092-942d4e69715d", "value": "d875d7e99f45c87e667dbebb8d8596182bdb94df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547185", "to_ids": true, "type": "sha256", "uuid": "781eab46-ead7-4716-bd52-0cfa66909d4e", "value": "2ed9494e9b7b68415b4eb151c922c82c0191294d0aa443dd2cb5133e6bfe3d5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997388", "to_ids": true, "type": "ssdeep", "uuid": "26af568e-065e-497e-9c88-6422d143624d", "value": "49152:JZOwuHOMjxbtjNE9EJv9JhRbPgZDts5me5ElcY:JCx7HEX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997388", "to_ids": false, "type": "size-in-bytes", "uuid": "f5a19bfc-07cd-4df7-93db-de74e35723df", "value": "3280900" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997388", "to_ids": true, "type": "vhash", "uuid": "315f51f3-0672-44e3-bebf-08b44ef29a55", "value": "036086655d55551d1554bz2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997388", "to_ids": true, "type": "filename", "uuid": "bc47f8f0-6a22-4bb4-8f34-37270ff1532f", "value": "4fcyaik.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997388", "to_ids": false, "type": "text", "uuid": "a23d56ec-667d-42d7-bc4c-65fcbedbc8a9", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:55/71\nFirst Submission:2025-12-15T20:09:45.000000+00:00\nLast Submission:2025-12-15T20:09:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547188", "uuid": "183f8ca7-2ca5-4a09-b54e-a735f9386b49", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547187", "to_ids": true, "type": "md5", "uuid": "d706ee9c-a1d6-4505-8dfa-c460b2bf93fb", "value": "7a89b347beb55f63dbcbcfc0beedbe43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547188", "to_ids": true, "type": "sha1", "uuid": "8aff631a-a99c-413a-8741-7e2574681b13", "value": "716e39bbc93fd4b394d9e6ef7c29aef1adc7dcb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547188", "to_ids": true, "type": "sha256", "uuid": "e70226b4-0a73-4c52-a4bb-db6c59f8ff85", "value": "48d9b2ce4fcd6854a3164ce395d7140014e0b58b77680623f3e4ca22d3a6e7fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997409", "to_ids": true, "type": "ssdeep", "uuid": "0be853f2-643b-46fa-a532-f6022b717266", "value": "49152:UPb8MvCRH682J9ikm3SYMQHRZ8jrVVZNwfx14gGvmF+5ElcYB9nwPDC7bODth5yz:UPYBL15XFUEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997409", "to_ids": false, "type": "size-in-bytes", "uuid": "d9185e7c-fba5-4d13-993a-3c0e925e8d46", "value": "3963904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997409", "to_ids": true, "type": "vhash", "uuid": "04f60fcb-4f49-41df-8aa3-6c3a6e299fdf", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997409", "to_ids": true, "type": "filename", "uuid": "a1044f1f-57ba-4790-96a6-9c975f17bf6a", "value": "win.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997409", "to_ids": false, "type": "text", "uuid": "a76dbc4e-1eb2-4e20-bb58-158ce895692f", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:52/71\nFirst Submission:2026-03-03T00:07:19.000000+00:00\nLast Submission:2026-03-03T06:38:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547191", "uuid": "7fe1eb59-6e4e-414d-b6a8-d7fd04a298d9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547190", "to_ids": true, "type": "md5", "uuid": "5a2caeb4-8e72-48a5-9e9c-77d06e174320", "value": "0f9cd505df07e4ebfff3fe61b689e527", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547190", "to_ids": true, "type": "sha1", "uuid": "acab5cf6-8894-49b0-8bb0-74d018e34518", "value": "5d4ae46c14371e20d99b42cc0a683f8d5ec326ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547191", "to_ids": true, "type": "sha256", "uuid": "b25c75f2-748a-407a-be57-6838ecc14249", "value": "5dc607c8990841139768884b1b43e1403496d5a458788a1937be139594f01dca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997431", "to_ids": true, "type": "ssdeep", "uuid": "6dca1676-cfc4-4227-b4e0-fd87f9026f7a", "value": "768:DTH8eORh52N43WIykizkxpR8XgXJ7cuzg4M9iRtHpaWmonfhtICuKw/:D7ORhA4WwpOXS7cuTpTY0ut" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997431", "to_ids": false, "type": "size-in-bytes", "uuid": "e8ab449f-f801-452c-b634-17b0b273b5bb", "value": "36424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997431", "to_ids": true, "type": "vhash", "uuid": "03b51bfc-48ba-425d-8220-6d8b53abbbcc", "value": "5b918728384a365cf6305fe6683495b7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997431", "to_ids": true, "type": "filename", "uuid": "02ac5ea2-f0d9-4392-9b89-0388572bfbd6", "value": "epuucrwbo.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997431", "to_ids": false, "type": "text", "uuid": "da99293a-c03c-4a59-b1f1-e8e64de46e26", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:32/64\nFirst Submission:2026-01-10T15:08:17.000000+00:00\nLast Submission:2026-01-10T15:08:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547192", "uuid": "cd1c22f2-7a02-4e6d-abf2-8bd6a52dc3ff", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547192", "to_ids": true, "type": "md5", "uuid": "d1b983d1-9e5e-45fc-92ba-c9850b31abc2", "value": "05e9d6d239ea29f0427b02a9bc903be7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547192", "to_ids": true, "type": "sha1", "uuid": "79d9b53c-6ac2-4e32-9cd0-06542e2b9833", "value": "23a468d7277902384875d4167a81164bc2bf6e72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547192", "to_ids": true, "type": "sha256", "uuid": "e56f888a-d8a2-4f5a-9d60-b6ef07b0002c", "value": "87d25d0e5880b3b5cd30106853cbfc6ef1ad38966b30d9bd5b99df46098e546c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997453", "to_ids": true, "type": "ssdeep", "uuid": "a8383994-e2eb-4578-912c-43eabfca9dcf", "value": "49152:linqC+tAonu2oY4RpGe/nhYj37pZFwfH4gpvAuh5EbAk6+cJz9nwPDC7bODth5yX:liqlbUIuXEU2WzFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997453", "to_ids": false, "type": "size-in-bytes", "uuid": "315410cc-4a93-4a8c-aaaf-f781583d2452", "value": "3975680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997453", "to_ids": true, "type": "vhash", "uuid": "a0e1f1a6-2d70-411c-8b6c-d21315d4edad", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997453", "to_ids": true, "type": "filename", "uuid": "ffdaf2a0-5f61-4fdb-8b61-a2f9fa4066e9", "value": "gp9g29x.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997453", "to_ids": false, "type": "text", "uuid": "758fed96-40be-402a-8fd9-2cbc150fb213", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:56/71\nFirst Submission:2026-03-31T15:00:48.000000+00:00\nLast Submission:2026-04-03T21:23:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547195", "uuid": "66817304-f835-41bf-a534-65b9ebe64b3d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547194", "to_ids": true, "type": "md5", "uuid": "9c630efb-9433-4d6e-b7a1-261921753721", "value": "1e0f4cd09aa4464179933769b5009251", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547195", "to_ids": true, "type": "sha1", "uuid": "87f7f5e8-cc3e-4b52-87e7-048c23e51430", "value": "124b943f6e82135b4d680df111ce121a200606dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547195", "to_ids": true, "type": "sha256", "uuid": "c753ebef-9800-4482-8bec-83fb86fc94f3", "value": "91415e0b9fe4e7cbe43ec0558a7adf89423de30d22b00b985c2e4b97e75076b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997474", "to_ids": true, "type": "ssdeep", "uuid": "afbb107d-a9b1-4536-9288-da0302b59670", "value": "49152:1yQzHUkALMZtfx2EASYrHynjNhHMvIhwx/Sgv5ElcYB9nwPDC7bODth5yx30GoP:1y+q4AEXBFwPD+8th5z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997474", "to_ids": false, "type": "size-in-bytes", "uuid": "ca887e5b-0a8b-467d-a1b4-f04cfabe51dc", "value": "3957760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997474", "to_ids": true, "type": "vhash", "uuid": "1a8804df-8a29-4317-9c2c-0b31000b9d3a", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997474", "to_ids": true, "type": "filename", "uuid": "29ba5b3a-b10f-4438-b23b-06f962a56af7", "value": "2026-02-08_1e0f4cd09aa4464179933769b5009251_amadey_coinminer_dosia_frostygoop_glassworm_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997474", "to_ids": false, "type": "text", "uuid": "dece9da8-2119-4482-9e04-7fd134270f50", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:56/71\nFirst Submission:2026-01-14T09:02:48.000000+00:00\nLast Submission:2026-02-08T03:25:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547198", "uuid": "87f1c02f-778b-4f12-b4e8-421260f25a51", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547197", "to_ids": true, "type": "md5", "uuid": "383bd94e-4ca7-4fd8-b49f-5257a3f1a5b1", "value": "4609cbac6772a6c61fcf2745cd3b4362", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547197", "to_ids": true, "type": "sha1", "uuid": "b471a311-69e0-41d0-b32c-fa2365c63907", "value": "af4066ca0ae65ac63de6af60f46a9b23bb6dbfee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547198", "to_ids": true, "type": "sha256", "uuid": "19df3804-1888-4735-8794-e293b9ccaa06", "value": "994d6d1edb57f945f4284cc0163ec998861c7496d85f6d45c08657c9727186e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997497", "to_ids": true, "type": "ssdeep", "uuid": "3c339663-c0ce-4186-98a5-c76d4c795280", "value": "49152:TQvWgP5dF2vDnaERiMeojrX6qpW1KdeC8bQPUVA35ElcYE:ELdFIaEICX6cPzpEXE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997497", "to_ids": false, "type": "size-in-bytes", "uuid": "67d0e161-fabb-4b05-bda9-2ee389e3845e", "value": "3293188" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997497", "to_ids": true, "type": "vhash", "uuid": "f6fb4f9d-2ad4-46b9-9cc3-c9272e83f380", "value": "036066655d6d5564bz2c!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997497", "to_ids": true, "type": "filename", "uuid": "6e5362ac-d0b6-43d1-a6b5-508e1bdd8614", "value": "y859yn1.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997497", "to_ids": false, "type": "text", "uuid": "9faa77d6-3a04-41d8-b297-5639e78e6039", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:45/71\nFirst Submission:2025-12-02T06:52:44.000000+00:00\nLast Submission:2025-12-02T06:52:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547200", "uuid": "f3dce492-62bf-4e40-bd5f-9626a0935151", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547199", "to_ids": true, "type": "md5", "uuid": "87c338ff-4aea-49b2-83b9-47ee50baab2e", "value": "ed18c524e930cd1c34614f7cc3051dfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547200", "to_ids": true, "type": "sha1", "uuid": "81bb6428-2fa0-4424-b397-230600c0043e", "value": "ef4b60f8162dfe20cb96dcae865a912e52459bb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547200", "to_ids": true, "type": "sha256", "uuid": "40bbf141-abf9-4d10-b909-828b30a17283", "value": "9f61ff4deb8afced8b1ecdc8787a134c63bde632b18293fbfc94a91749e3e454", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997518", "to_ids": true, "type": "ssdeep", "uuid": "5d88215f-6188-4776-af27-cf78f9cbefe6", "value": "49152:54No/UEhL6jSHeHGvvYOXmgnj6SHMv6kw512h5ElcY:54An+ZEX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997518", "to_ids": false, "type": "size-in-bytes", "uuid": "c66f780d-ef42-4852-83e9-754af296ea1d", "value": "3534852" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997518", "to_ids": true, "type": "vhash", "uuid": "bc02a70f-d1c1-4aed-88fc-5e812355b1ff", "value": "036086655d55551d1554bz2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997518", "to_ids": true, "type": "filename", "uuid": "afb19c51-8d57-4c8d-b72d-8b29a9cd2f36", "value": "fdjhkspz.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997518", "to_ids": false, "type": "text", "uuid": "3eecff28-53b9-4913-bc51-03600f78b0b1", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:45/71\nFirst Submission:2025-11-20T02:56:03.000000+00:00\nLast Submission:2025-11-20T02:56:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547203", "uuid": "c1ebd209-e396-490f-86ac-3355f32813ae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547202", "to_ids": true, "type": "md5", "uuid": "a90ace4a-61b4-4fbd-8464-a24a88f6a340", "value": "1cc9ae55b1856e4e9796c73f94c2e683", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547203", "to_ids": true, "type": "sha1", "uuid": "78bdfa81-86d2-4153-a5b3-ad532e7bf54d", "value": "ebddc99a00bd7a5dcaf7b73349309d970e5c69b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547203", "to_ids": true, "type": "sha256", "uuid": "a53f5afb-49bd-4790-838c-6dd59f5ec14c", "value": "a7a19cab7aab606f833fa8225bc94ec9570a6666660b02cc41a63fe39ea8b0ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997540", "to_ids": true, "type": "ssdeep", "uuid": "eaff92ba-e1a5-4670-9395-861b79fa0276", "value": "49152:QuoWiWA8g8iwfnVqKC9YVjvVqjsLHMvI9wt/eyP5ElcYB9nwPDC7bODth5yx30G7:QuTPdGEXBFwPD+8th5M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997540", "to_ids": false, "type": "size-in-bytes", "uuid": "8f929810-6767-4524-91a8-0b774871a917", "value": "3954688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997540", "to_ids": true, "type": "vhash", "uuid": "97d6b4cb-8ca8-42be-ba34-0ed15a39a5e6", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997540", "to_ids": true, "type": "filename", "uuid": "f9388f24-aa0b-428c-a213-8d5cbe514c19", "value": "2026-04-07_1cc9ae55b1856e4e9796c73f94c2e683_amadey_coinminer_dosia_frostygoop_glassworm_hive_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997540", "to_ids": false, "type": "text", "uuid": "ce1d3fbe-0181-4595-9ca8-2628c8d6ee62", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:47/71\nFirst Submission:2026-01-05T15:10:32.000000+00:00\nLast Submission:2026-04-07T04:34:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547206", "uuid": "91e9fd4a-7a04-48a3-8605-b51b1f8b0311", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547205", "to_ids": true, "type": "md5", "uuid": "28ebbd3a-a1bc-468d-ba7a-d7bfcae823c6", "value": "3b46a729db7ae6af8b19711c9452194d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547206", "to_ids": true, "type": "sha1", "uuid": "a9e4957f-ca89-45db-a522-797b5fdea98f", "value": "5aea74bf3e70f38eb596f8002b3c02514daee4f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547206", "to_ids": true, "type": "sha256", "uuid": "c2789a42-7762-48a9-bd1c-25b2f664d1c0", "value": "b67958afc982cafbe1c3f114b444d7f4c91a88a3e7a86f89ab8795ac2110d1e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997562", "to_ids": true, "type": "ssdeep", "uuid": "84e5d5c3-ced6-48b4-ae9d-c1b4b2281865", "value": "49152:ailDmmYw2i62EYW0po4/2m3jeXiZ+wfN4gpv5eP5EbAk6+cJz9nwPDC7bODth5yX:aiFO34ReBEU2WzFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997562", "to_ids": false, "type": "size-in-bytes", "uuid": "8d2bb39d-9bf1-46be-8f28-63fe4e933d98", "value": "3975680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997562", "to_ids": true, "type": "vhash", "uuid": "73927ecd-d236-4152-bdc1-7376a3f89826", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997562", "to_ids": true, "type": "filename", "uuid": "b1f6b5c5-f006-4387-98e5-eb9657b2374e", "value": "kis4vm0jd.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997562", "to_ids": false, "type": "text", "uuid": "b0558fb9-94b7-43d2-843a-76e6eedd4507", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-01T12:09:24.000000+00:00\nLast Submission:2026-04-03T10:06:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547208", "uuid": "48d8e4f0-515f-4d84-b410-69782af6e19c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547208", "to_ids": true, "type": "md5", "uuid": "a2d4b0f6-7290-47cf-8aa4-d9a4eaf2fae1", "value": "a2a13b8da7370f5f4753d81c7958dfcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547208", "to_ids": true, "type": "sha1", "uuid": "11ce3590-450f-467d-8237-4739e82af8fe", "value": "143cb70aede3ba09ae54e1da55c69f0129991f48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547208", "to_ids": true, "type": "sha256", "uuid": "866ac582-89e3-443f-b5f8-21b253277a06", "value": "efaf8e7422ffd09c7f03f1a5b4e5c2cc32b05334c18d1ccb9673667f8f43108f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997605", "to_ids": true, "type": "ssdeep", "uuid": "339e0cd0-aba2-45a6-9508-91c3332a14ef", "value": "49152:Y6OykI7cUakFLqFWEacsxBixaEji4ZQGf504gDJo1J55ElcYB9nwPDC7bODth5yX:Y3gfFOW41JvEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997605", "to_ids": false, "type": "size-in-bytes", "uuid": "b1c86465-79f8-4874-bd8b-72206e218375", "value": "3956224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997605", "to_ids": true, "type": "vhash", "uuid": "6e527124-8fe7-43cf-b086-92b960fed3d2", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997605", "to_ids": true, "type": "filename", "uuid": "4e0d2c34-a2a9-4aae-a347-49e3fc9bfd92", "value": "2026-02-06_a2a13b8da7370f5f4753d81c7958dfcb_amadey_coinminer_dosia_frostygoop_glassworm_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997605", "to_ids": false, "type": "text", "uuid": "ed437439-20cc-4b07-a2b7-79b8a4456917", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:53/71\nFirst Submission:2026-01-16T11:38:04.000000+00:00\nLast Submission:2026-02-06T10:43:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547211", "uuid": "ad96e0a7-36b4-4077-8d5c-a5943257bdb0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547210", "to_ids": true, "type": "md5", "uuid": "bf1a4d4b-aef6-4dfc-b5f0-78b855a63c12", "value": "ffb6011e7c82355046988166dd896930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547211", "to_ids": true, "type": "sha1", "uuid": "6803427a-a78d-42a3-ba8d-a9fd714d9e0c", "value": "83c6c1bb37c9071e569aa4b247e54ab763bbf5da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547211", "to_ids": true, "type": "sha256", "uuid": "0af62c7b-c85e-438b-84b6-58b44ed94f86", "value": "f736be55193c77af346dbe905e25f6a1dee3ec1aedca8989ad2088e4f6576b12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997628", "to_ids": true, "type": "ssdeep", "uuid": "1bb882f4-f9f8-4cac-a950-8e0c609de76a", "value": "49152:tOXpvfSEikgYDG+EqVkJ4CkdFjUwZ5GfQ4gNJ4w3ka5ElcYB9nwPDC7bODth5yxF:tO58U3dVGw3kwEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997628", "to_ids": false, "type": "size-in-bytes", "uuid": "4a4d5f5c-c249-4277-902a-aa0c8a62c6d2", "value": "3971072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997628", "to_ids": true, "type": "vhash", "uuid": "e13ab707-b168-4dfa-8b42-598229923fb1", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997628", "to_ids": true, "type": "filename", "uuid": "907c37d0-8442-4aee-8521-bfb061bbc3c4", "value": "amd.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997628", "to_ids": false, "type": "text", "uuid": "c48c1307-d9da-4c6f-93a7-842c7dcf52ef", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:54/71\nFirst Submission:2026-02-19T02:42:26.000000+00:00\nLast Submission:2026-02-19T05:01:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547214", "uuid": "0ab23ff9-1e85-4f8e-a51c-54402d613830", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547213", "to_ids": true, "type": "md5", "uuid": "0a24ecda-fb9f-40c0-bb7d-9b3dda1b5c4d", "value": "7b885b446bbd9b450146c88f84c64f30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547213", "to_ids": true, "type": "sha1", "uuid": "520f38d0-ebf3-4e18-ae83-1ba3430cf1aa", "value": "bd79aec521aa9f0cec374d57692b540b7b5a6ea8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547214", "to_ids": true, "type": "sha256", "uuid": "7efcf71f-5930-45fc-80be-002e63d957c9", "value": "fc75ed2159e0c8274076e46a37671cfb8d677af9f586224da1713df89490a958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997650", "to_ids": true, "type": "ssdeep", "uuid": "7cf95bb3-6221-4666-84a4-b900debc94bc", "value": "49152:Kj6+4dnfoiSEct2xaSUPDdP/7SsjHE4Z0wfs4gcvpG15ElcYB9nwPDC7bODth5yX:KjHodwdImGLEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997650", "to_ids": false, "type": "size-in-bytes", "uuid": "288d43f0-5b9d-46e6-ac61-ab30557ae685", "value": "3968512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997650", "to_ids": true, "type": "vhash", "uuid": "ac01d016-c409-49dd-95cd-cffadb2388f7", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997650", "to_ids": true, "type": "filename", "uuid": "e0a954bb-0159-4fc7-a7cd-a86973ffae1a", "value": "rxeh0zn3w.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997650", "to_ids": false, "type": "text", "uuid": "73b215be-e5a1-4764-9c8b-6f58ec77ba00", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:53/71\nFirst Submission:2026-03-31T06:45:07.000000+00:00\nLast Submission:2026-03-31T06:45:07.000000+00:00" } ] } ] } }