{
  "Event": {
    "analysis": "1",
    "date": "2026-03-05",
    "extends_uuid": "",
    "info": "[Threat Intel] Remote Access Delivered Through Fake Zoom and Google Meet Calls",
    "protected": false,
    "publish_timestamp": "1773997317",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1773997317",
    "uuid": "80f0dd87-2c6a-4087-b94f-618d24f2528c",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#3bc6ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#e00500",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#cb2725",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Right-to-Left Override - T1036.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#f07d7c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773054022",
        "to_ids": false,
        "type": "link",
        "uuid": "6e10ac16-877b-47e6-853e-d8f6237024ed",
        "value": "https://www.netcraft.com/blog/remote-access-delivery-via-fake-meetings",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773054022",
        "to_ids": false,
        "type": "text",
        "uuid": "db2ccafd-a767-4d46-92e0-8431eb855bb9",
        "value": "A campaign using fake Zoom and Google Meet pages to lure victims into fraudulent video calls has been identified. The attackers use these pages to deliver remote-access software. Multiple domains hosting identical fake meeting pages were discovered, with one domain previously linked to a ClickFix campaign. The fake interfaces show an active meeting with expected participants. When victims join, they are prompted to download a file disguised as a Zoom update. Various payloads were identified, including executables masquerading as meeting updates, MSI installers deploying legitimate remote support software, and commercial monitoring software configured for covert remote access. The campaign's goal appears to be establishing remote access using whichever tool is most effective."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773054022",
        "to_ids": false,
        "type": "text",
        "uuid": "c3bbf6aa-e82b-4d91-b22d-df25b87a0b04",
        "value": "Name: Remote Access Delivered Through Fake Zoom and Google Meet Calls\nAuthor: AlienVault\nAdversary: Storm-1865\nTags: [\"zoom\", \"phishing\", \"connectwise control\", \"google meet\", \"clickfix\", \"teramind\", \"social engineering\"]\nTargeted countries: []\nMalware families: [\"Teramind\", \"ConnectWise Control\"]\nAttack_ids: [\"T1553.002\", \"T1219\", \"T1036\", \"T1059\", \"T1036.002\", \"T1204\", \"T1566\", \"T1571\", \"T1105\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773054022",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "1416de15-70bb-48f2-a7c1-ba33770da330",
        "value": "Storm-1865"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276073",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9109430a-4d4e-4acb-980c-69644e4c09ed",
        "value": "1de8291997afa344fb21c83449b424f4d16978e0a8a866b7667754b88e72da00",
        "Tag": [
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276075",
        "to_ids": true,
        "type": "sha256",
        "uuid": "74cc36b2-cacf-4bd0-a3f9-5c647e52a69d",
        "value": "4af9b93dbb15a7da8120404bddf93028716673b15baca6338b533e7e8c232418",
        "Tag": [
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276076",
        "to_ids": true,
        "type": "sha256",
        "uuid": "47bfeebe-849a-41c3-98ac-ec12287e356e",
        "value": "ae8df1133d370407811292b9feaecb0b068ec12d14f0e237e13615e4048c63c0",
        "Tag": [
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277103",
        "to_ids": true,
        "type": "url",
        "uuid": "fc74afea-5e3f-4e94-9282-50265488bb8a",
        "value": "http://uswebzoomus.com/zoom",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277125",
        "to_ids": true,
        "type": "url",
        "uuid": "ca5fe3c7-d461-4e30-b036-42d0e0885917",
        "value": "https://9googllemeett.live/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277149",
        "to_ids": true,
        "type": "url",
        "uuid": "0b1a4cc7-4ac8-4a03-97af-e417e125f550",
        "value": "https://9ooggleactivemeett.live/in/invite.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277171",
        "to_ids": true,
        "type": "url",
        "uuid": "f0205d7d-e9ab-47f2-aa1e-22f8d7b88e1c",
        "value": "https://dhvault.com/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277192",
        "to_ids": true,
        "type": "url",
        "uuid": "f41adf1b-5e8b-42db-b2dd-6e7622c7d190",
        "value": "https://goggllemmeettiingnc.com/meett/invite.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277213",
        "to_ids": true,
        "type": "url",
        "uuid": "28499a54-2516-4ee9-bba7-fbff0b1313ce",
        "value": "https://googlemeetme.us/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277235",
        "to_ids": true,
        "type": "url",
        "uuid": "19a98578-84fe-48e3-8849-435d24baf698",
        "value": "https://greenwayauto.sale/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277256",
        "to_ids": true,
        "type": "url",
        "uuid": "fc4abbfa-5186-4156-a08e-3b4e8caed13e",
        "value": "https://zooom-cal-imvite-zoom-session.org/zoooommeeting/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277277",
        "to_ids": true,
        "type": "domain",
        "uuid": "df6b0fa9-c2c9-4363-af11-c0e12b729671",
        "value": "9googllemeett.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277298",
        "to_ids": true,
        "type": "domain",
        "uuid": "10e3df47-ff90-4428-bfe0-7f377750b1ff",
        "value": "9ooggleactivemeett.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277320",
        "to_ids": true,
        "type": "domain",
        "uuid": "f0190f21-fc6a-4017-8506-3f010732aa82",
        "value": "dhvault.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277341",
        "to_ids": true,
        "type": "domain",
        "uuid": "4f243545-6b8f-4af4-8b47-f5787826dbc1",
        "value": "goggllemmeettiingnc.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277363",
        "to_ids": true,
        "type": "domain",
        "uuid": "8e036722-8fe1-4072-af70-679e29152603",
        "value": "googlemeetme.us",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277384",
        "to_ids": true,
        "type": "domain",
        "uuid": "bf83be70-71a1-4f30-829a-3cb3520650a5",
        "value": "greenwayauto.sale",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277406",
        "to_ids": true,
        "type": "domain",
        "uuid": "e9bbed72-8c79-4ee4-8942-c096cecd5101",
        "value": "us01web-zoom.us",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277427",
        "to_ids": true,
        "type": "domain",
        "uuid": "41f9eecc-6985-4b51-9cf3-dcf630955b3f",
        "value": "uswebzoomus.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277448",
        "to_ids": true,
        "type": "domain",
        "uuid": "e7f83064-e4f2-4542-852f-93a92145f07d",
        "value": "zooom-cal-imvite-zoom-session.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277469",
        "to_ids": true,
        "type": "url",
        "uuid": "3f1e5886-ffd7-48f7-b42b-7287ea5befbb",
        "value": "uswebzoomus.com/zoom",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277490",
        "to_ids": true,
        "type": "url",
        "uuid": "8fa6b899-1be5-4baf-8022-4335990aafa3",
        "value": "https://zooooom.it.com/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773277511",
        "to_ids": true,
        "type": "url",
        "uuid": "b08fd641-be09-46cb-bbb8-197f10320c01",
        "value": "https://wc-42j.pages.dev/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773277533",
        "uuid": "275ab2b5-52d2-4bac-a907-cce814c25e53",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773277533",
            "to_ids": true,
            "type": "md5",
            "uuid": "6f559692-ebec-447e-9018-c72bdc9b53a8",
            "value": "2e754240b0f09cdacd2a1d73b2069bde",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276068",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d7295e80-525b-4429-a497-888f33fe3c17",
            "value": "7799089bdd10336c86268b33e0a6294c903d4c05",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276068",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b2f7e395-5b3d-402d-9fcc-5e065d07f824",
            "value": "96c421a915873a51a14fcbdbad84f8608f0679b03855158fe0ab85a6228c10a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275137",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4b0800bd-6058-4aa7-ab26-d534cefea46f",
            "value": "786432:/rKU6DT0ucbTbMv22zAeV/X+0tdshTc3XyPteDeCOdeuKF1by:/uRf+nAu2FuQd73XyFeDMnKTy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275137",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0a20d65b-a982-4b1f-968e-b5491ac8fa4e",
            "value": "38833672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275137",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5ce9fe0c-1ffa-4ac9-95a3-f07ab9a58ef6",
            "value": "037056656d1555607016z71mz191zc019z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275137",
            "to_ids": true,
            "type": "filename",
            "uuid": "71f6c3a2-d924-4005-b96c-8de5cb527553",
            "value": "Remote Access-windows64-offline.exe_ico"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan: 10/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275137",
            "to_ids": false,
            "type": "text",
            "uuid": "869e6cdb-13a5-465d-b8ef-f2f1918bf2aa",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.A!ml\nVT Total Detection:24/72\nFirst Submission:2026-01-23T11:54:49.000000+00:00\nLast Submission:2026-02-26T15:10:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773277554",
        "uuid": "2d01e740-7556-4b60-9fe6-e0f52a8dd5b9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773277554",
            "to_ids": true,
            "type": "md5",
            "uuid": "5c9108c2-4d40-4cb5-92f0-99962e842ad5",
            "value": "ad0a22e393e9289deac0d8d95d8118b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276070",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e1748faf-353a-4c18-8559-32c7c1de0178",
            "value": "39359ac4c6f23c26809f44526c37411bbfc68e2f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276070",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c540c5cd-ea0c-4290-bd1a-8664302f0045",
            "value": "644ef9f5eea1d6a2bc39a62627ee3c7114a14e7050bafab8a76b9aa8069425fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275159",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8183ace0-dec1-41df-a71b-1494662470b6",
            "value": "3145728:1/fkceLjNnVxd1QgojwmAeQXdiiKRdfDXr:xaLjFfQbZudsX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275159",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f0236ae3-440d-40d9-a07b-411d961ac4b6",
            "value": "108822528"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275159",
            "to_ids": true,
            "type": "vhash",
            "uuid": "908884fc-317e-4a3d-aa62-d4156ea1a406",
            "value": "d6d0c35de9a0bda63bbb672080c1cfc0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275159",
            "to_ids": true,
            "type": "filename",
            "uuid": "d77e4907-41ce-465c-8366-c4e9ed3ad600",
            "value": "945bd48ad7552716f4583_s-i(__d72c88943945bd48ad7552716f4583ada0b7c2a6) .msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  10/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275159",
            "to_ids": false,
            "type": "text",
            "uuid": "36cabe3c-7a29-4b9e-90dd-818b49c9f696",
            "value": "Type Description: Windows Installer\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:11/62\nFirst Submission:2026-01-27T15:29:44.000000+00:00\nLast Submission:2026-03-10T06:19:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773277575",
        "uuid": "4cfae244-261f-47e5-91ec-ee4c21b8bd39",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773277575",
            "to_ids": true,
            "type": "md5",
            "uuid": "79421775-fdd9-4ab9-9cef-d522f88c38b4",
            "value": "d2c651efcb2258fed52949108a6e5a74",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276072",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6b55ce16-3c4d-4bb9-835d-8e711b94ede5",
            "value": "44c459cd50ddf47a4885db86add6bae4da3c6f34",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276072",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e4e786e0-b7de-4f33-91db-e2920ed3da67",
            "value": "ebb7f1c3f175c04e87fddce36f694ead62d89e16585a5d117e77b5f2abb13073",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275181",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "516e3449-fb24-45c6-89af-ed2e05f2e65d",
            "value": "196608:FaZk+wq0rsRTjTtR43PG8PZHj2BPFOsti7A95R8jsFp29XaIT030Hy05s6r8Ar8m:Bnq04RT9R4PkE7Ap84p29qIT0Z6rXr8A"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275181",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dfe17226-744d-4004-80c2-b2fa63e08a87",
            "value": "11055792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275181",
            "to_ids": true,
            "type": "vhash",
            "uuid": "418a2765-1472-4afd-8ecc-6b86512a9b39",
            "value": "0170766d157c0d5d0d60a043z8003a7z47z62z3efz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275181",
            "to_ids": true,
            "type": "filename",
            "uuid": "b01be13f-6afd-46da-8fc7-da9733f31819",
            "value": "zacmpckhy.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275181",
            "to_ids": false,
            "type": "text",
            "uuid": "e7600506-cce1-444b-85b5-d4ee4b52e8ef",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:6/72\nFirst Submission:2026-02-26T15:59:27.000000+00:00\nLast Submission:2026-02-26T15:59:27.000000+00:00"
          }
        ]
      }
    ]
  }
}