{
  "Event": {
    "analysis": "1",
    "date": "2026-04-30",
    "extends_uuid": "",
    "info": "[Threat Intel] Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India",
    "protected": false,
    "publish_timestamp": "1779546231",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779546231",
    "uuid": "87db8d1e-9d89-4822-b1f4-0ef5d65d15fb",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#9dc839",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"",
        "relationship_type": ""
      },
      {
        "colour": "#f5a258",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#e00500",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#1cbe6b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#07a4a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"",
        "relationship_type": ""
      },
      {
        "colour": "#30cc3b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#35a578",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Africa\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Void Arachne\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777892406",
        "to_ids": false,
        "type": "link",
        "uuid": "de99da88-6620-448f-b53e-98cba8c17aa0",
        "value": "https://securelist.com/silver-fox-tax-notification-campaign/119575/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777892406",
        "to_ids": false,
        "type": "text",
        "uuid": "8605dc64-cada-4367-b69c-51eefdbe523b",
        "value": "The Silver Fox threat group conducted phishing campaigns in December 2025 and January 2026, impersonating tax authorities in India and Russia. Malicious emails contained archives with a modified Rust-based RustSL loader that deployed the ValleyRAT backdoor. Over 1600 malicious emails targeted organizations across industrial, consulting, retail, and transportation sectors. During the investigation, a previously undocumented Python-based backdoor named ABCDoor was discovered, active since late 2024. The attacks utilized multi-stage infection chains involving encrypted payloads, custom ValleyRAT modules, and various persistence mechanisms including the Phantom Persistence technique. ABCDoor features remote control capabilities, screen broadcasting using ffmpeg, and file manipulation functions. The group employed sophisticated evasion techniques including geofencing, string encryption, and mimicking legitimate VPN services."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777892406",
        "to_ids": false,
        "type": "text",
        "uuid": "95d61f6e-c026-4eb8-9849-673daa84a843",
        "value": "Name: Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India\nAuthor: AlienVault\nAdversary: Silver Fox\nTags: [\"python backdoor\", \"silver fox\", \"winos 4.0\", \"valleyrat\", \"ABCDoor\"]\nTgtd countries: [\"British Indian Ocean Territory\", \"India\", \"Indonesia\", \"Japan\", \"Russian Federation\", \"South Africa\"]\nMlwr families: [\"ABCDoor\", \"ValleyRAT\", \"RustSL\", \"Winos 4.0\"]\nAttack_ids: [\"T1053.005\", \"T1113\", \"T1056.001\", \"T1204.002\", \"T1566.001\", \"T1115\", \"T1106\", \"T1140\", \"T1219\", \"T1055\", \"T1083\", \"T1497\", \"T1102\", \"T1547.001\", \"T1027\", \"T1573\", \"T1132\", \"T1070.004\", \"T1071.001\"]\nIndustries: [\"Manufacturing\", \"Retail\", \"Transportation\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778201565",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "6e61db9e-8a43-4a4b-b66d-17b852dd46ed",
        "value": "Silver Fox",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:threat-actor=\"Void Arachne\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207048",
        "to_ids": true,
        "type": "domain",
        "uuid": "81957a44-f416-4c6a-b696-7d7c790f9c3c",
        "value": "obfuscate.io",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207069",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5546edda-5edf-4077-9711-ecb25462e10f",
        "value": "207.56.138.28",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207090",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3ed8eacc-a1bd-40e6-939b-12eb17445109",
        "value": "108.187.37.85",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207112",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ee6f2497-9dcb-4fbe-85e6-e8c77a1b7757",
        "value": "154.82.81.205",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207133",
        "to_ids": true,
        "type": "url",
        "uuid": "fd00120f-6d18-4aca-8f65-5c7f02bf53df",
        "value": "http://154.82.81.205/YD20251001143052.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207154",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1a8626f5-bc97-4ec8-a3f6-c0789122f9bc",
        "value": "108.187.42.63",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207175",
        "to_ids": true,
        "type": "hostname",
        "uuid": "59ca42b2-4b1d-4c4a-9d8c-0887ae034a12",
        "value": "abc.doublemobile.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
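        "comment": "Review note: possibly a Rust source file name (the loader described in this event is Rust-based) parsed as a .rs domain rather than attacker infrastructure. Confirm against the source report before alerting on it.",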
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207197",
        "to_ids": true,
        "type": "domain",
        "uuid": "4abb6a73-988a-4944-a1e6-17bb5470bea1",
        "value": "guard.rs",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207218",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d27acb67-ca94-4634-adf6-5736395d4a10",
        "value": "108.187.41.221",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207239",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9ded080b-0e00-4d39-a783-cbdbed1f5356",
        "value": "192.163.167.14",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207261",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bf83cdd4-a82f-4bb0-a7cd-c5272a18d66d",
        "value": "45.192.219.60",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing PDF file. No sample in VT.\r\nLast check: 08/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546223",
        "to_ids": true,
        "type": "md5",
        "uuid": "1adc9819-498a-4a5b-8534-0699529c7696",
        "value": "1aa72cd19e37570e14d898dff3f2e380",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:08/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546224",
        "to_ids": true,
        "type": "md5",
        "uuid": "ec5bcbd2-2827-430e-bcfd-8c893f65e9f8",
        "value": "2375193669e243e830ef5794226352e7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing PDF file. No sample in VT.\r\nLast check: 08/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546226",
        "to_ids": true,
        "type": "md5",
        "uuid": "c98aed53-39d4-46af-8eaa-8d53bd3c4763",
        "value": "6611e902945e97a1b27f322a50566d48",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing PDF file. No sample in VT.\r\nLast check: 08/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546227",
        "to_ids": true,
        "type": "md5",
        "uuid": "463299d2-875c-4bde-81c6-27e8a82db01c",
        "value": "79cd56fc9abf294b9ba8751e618ec642",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing PDF file. No sample in VT.\r\nLast check: 08/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546229",
        "to_ids": true,
        "type": "md5",
        "uuid": "daa8cb22-92dc-4a38-9841-642787a669af",
        "value": "84e54c3602d8240ed905b07217c451cd",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:08/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546231",
        "to_ids": true,
        "type": "md5",
        "uuid": "c7efee80-3b65-4f1c-bd42-fd4715457d1b",
        "value": "fc546acf1735127db05fb5bc354093e0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207282",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "8550f03e-3f0a-4ac2-a6f2-05e6d34b37d2",
        "value": "154.82.81.192",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207303",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e9188b0c-cd99-43fa-967f-7d1490c324f7",
        "value": "192.229.115.229",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207324",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f4ae0433-d944-4296-ad85-cb50c0852cca",
        "value": "192.238.205.47",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207345",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e69d3806-6847-49b9-aebd-61fd99686101",
        "value": "207.56.119.216",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207366",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "13843086-e1cd-43f4-9122-9ef2b77ce2de",
        "value": "57.133.212.106",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
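        "comment": "Review note: the value ends with a stray apostrophe, likely an extraction artifact; the same URL without it is listed as a separate attribute in this event. Normalise before matching.",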
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207387",
        "to_ids": true,
        "type": "url",
        "uuid": "0fe2e466-643a-4331-8d7e-2e090011f88a",
        "value": "http://154.82.81.205/YD20251001143052.zip'",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
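        "comment": "Review note: the value ends with a trailing period, likely sentence punctuation captured during extraction. Verify the URL against the source report before matching.",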
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207408",
        "to_ids": true,
        "type": "url",
        "uuid": "5d43d833-cd32-4183-b02b-567e9a2861bc",
        "value": "http://154.82.81.205/YN20250923193706.zip.",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207429",
        "to_ids": true,
        "type": "url",
        "uuid": "45c55670-580f-4518-87ed-1023550d185b",
        "value": "https://abc.fetish-friends.com/setup/install",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207450",
        "to_ids": true,
        "type": "url",
        "uuid": "9f3edee2-b749-41bd-9219-8b466bcd338f",
        "value": "https://abc.fetish-friends.com/setup/install?channel=dianhua-0903",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207472",
        "to_ids": true,
        "type": "url",
        "uuid": "4cd0686f-64ca-452a-83bf-2bdd3d4b7b57",
        "value": "https://abc.fetish-friends.com/setup/install?channel=whatsapp_0826",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207494",
        "to_ids": true,
        "type": "url",
        "uuid": "36ef9088-949b-4482-b2c7-bc7ead5517ac",
        "value": "https://abc.fetish-friends.com/setup?channel=jiqi_0819",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207515",
        "to_ids": true,
        "type": "url",
        "uuid": "5bb91fc9-99b8-4097-b162-24f58498427f",
        "value": "https://abc.fetish-friends.com/uploads/appclient.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
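        "comment": "Review note: the value ends with a trailing period, likely sentence punctuation captured during extraction. Verify the URL against the source report before matching.",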
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207536",
        "to_ids": true,
        "type": "url",
        "uuid": "3c67fff2-8e9f-46d9-b98d-3325b3aeccc7",
        "value": "https://mcagov.cc/download.php?type=exe.",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207557",
        "to_ids": true,
        "type": "url",
        "uuid": "a8be51ed-12ae-40e9-ad17-e20c1ae01210",
        "value": "https://roldco.com/api/download/c51bbd17-ef08-4d6c-ab4c-d7bf49483dd6",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207578",
        "to_ids": true,
        "type": "url",
        "uuid": "72cb76d0-ac63-423b-ade8-391923ee45b6",
        "value": "https://sudsmama.com/api/download/50e24b3a-8662-4d2f-9837-8cc62aa8f697",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207600",
        "to_ids": true,
        "type": "url",
        "uuid": "28cf68fd-2b80-42c2-8d14-c7a3a130f59d",
        "value": "https://sudsmama.com/api/download/c8ea0a2c-42c2-4159-9337-ee774ed5e7cb",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2s for malicious remote control utilities",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207621",
        "to_ids": true,
        "type": "url",
        "uuid": "aea0fe48-a549-4a8c-a409-cb0359bec024",
        "value": "https://vnc.kcii2.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
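        "comment": "Review note: possibly a Rust source file name (the loader described in this event is Rust-based) parsed as a .rs domain rather than attacker infrastructure. Confirm against the source report before alerting on it.",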
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207642",
        "to_ids": true,
        "type": "domain",
        "uuid": "2d4a855b-a891-447d-8eb0-49f67be861fa",
        "value": "ipv4.rs",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ABCDoor loader C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207663",
        "to_ids": true,
        "type": "domain",
        "uuid": "d1aa6bcf-7095-46b7-b124-16432bd335a6",
        "value": "mcagov.cc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ABCDoor loader C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207684",
        "to_ids": true,
        "type": "domain",
        "uuid": "390a4f8d-b313-4ea0-9da6-1a7bf1a4f3ab",
        "value": "roldco.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207705",
        "to_ids": true,
        "type": "domain",
        "uuid": "db08d571-54ff-4458-9d31-a4c265fe419f",
        "value": "steganography.rs",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207726",
        "to_ids": true,
        "type": "domain",
        "uuid": "34cb691e-2702-46af-9190-4b9b9083f19e",
        "value": "sudsmama.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207747",
        "to_ids": true,
        "type": "domain",
        "uuid": "e62e3e9b-87ac-485d-876f-636f1b6d22c6",
        "value": "uuid.rs",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207769",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9b53e4a9-c655-4061-9e03-fa0bcb48fea4",
        "value": "abc.3mkorealtd.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207790",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1c338c75-1dd3-41fa-91f6-2fb2505f27f5",
        "value": "abc.fetish-friends.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Distribution servers for phishing PDFs, archives, and encrypted RustSL payloads",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207811",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9eb66a76-8afd-4815-bd84-f4f8a40001fa",
        "value": "abc.haijing88.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207832",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d756ead3-c8ce-4737-89f1-26e8ad838c91",
        "value": "abc.ilptour.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207853",
        "to_ids": true,
        "type": "hostname",
        "uuid": "43709842-b64f-404f-af53-bb84129f6977",
        "value": "abc.petitechanson.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207874",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4bfa4dfc-d4d6-4156-a201-c05ccb846c30",
        "value": "abc.sudsmama.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207896",
        "to_ids": true,
        "type": "hostname",
        "uuid": "78a43545-3578-4da7-a7fe-7614a57a38b6",
        "value": "abc.woopami.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2s for malicious remote control utilities",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207917",
        "to_ids": true,
        "type": "hostname",
        "uuid": "0f498f54-4991-459f-9e93-089d22fdc164",
        "value": "vnc.kcii2.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ABCDoor C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778201596",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "9ae09228-8723-433f-8fd0-a4bb5f4e4f1e",
        "value": "45.118.133.203|5000"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207938",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e0068ff7-58d6-4805-9698-d08b5b0197b0",
        "value": "139.180.128.251",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778207959",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1321eb1f-a861-4f27-96d8-51e1ed78f4cb",
        "value": "45.32.108.178",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546049",
        "uuid": "7c2fedb2-433a-406a-99ba-f73d52358359",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546048",
            "to_ids": true,
            "type": "md5",
            "uuid": "bc0e3ddb-0d55-4367-b02a-19c1bbb270a8",
            "value": "44299a368000ae1ee9e9e584377b8757",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546048",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1f1a6128-054a-44a6-9f96-e52f569dd7a4",
            "value": "895aebe2d281e66f87963c01de570286561a0de2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546049",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a3050b19-0df2-493c-b44a-7a7c28db12e7",
            "value": "3296bd88e0a85ebad4f429878bf8bca16ac43e609133b4781f88a339c37bfe9f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204577",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6f37f147-160e-4107-8077-7055b8bb8958",
            "value": "6144:qU8gz9doYYwFl8xlyBmgU3uUOsv70j8NPi5vM9UVFcgyBoo0cMlYbc5n4IHes:q/g/oYlFCxlv7+H3j8NPi5KT/yl2bc9d"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204577",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "63092feb-8f71-417b-a47b-02e62d038205",
            "value": "354232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204577",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0d0d93e0-81b4-40b1-8cf9-d2d1800717c6",
            "value": "035066655d1d05756018z5b3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204577",
            "to_ids": true,
            "type": "filename",
            "uuid": "2ca939cf-75b0-4764-ae22-f76d70082b5b",
            "value": "3296bd88e0a85ebad4f429878bf8bca16ac43e609133b4781f88a339c37bfe9f.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204577",
            "to_ids": false,
            "type": "text",
            "uuid": "4ae927dc-3c78-4dc4-b38b-d6941639676f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:49/70\nFirst Submission:2025-12-22T09:38:22.000000+00:00\nLast Submission:2026-03-01T19:16:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546052",
        "uuid": "b325d9bf-ac74-4b15-9bff-30504932bd66",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546051",
            "to_ids": true,
            "type": "md5",
            "uuid": "71c148be-792a-4a1d-a7c5-901f7d4a0375",
            "value": "4fc5ec1de89ce3fcdd3e70db4a9c39d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546051",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c317a52d-05d6-497d-85bd-8f1dac086591",
            "value": "fd4dba4c4493e6fe3045f9e47f63b6f8b256ac32",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546052",
            "to_ids": true,
            "type": "sha256",
            "uuid": "91f23eb9-27c7-47f4-b0b9-cd725a50cc40",
            "value": "4518249127a023adb81d232452395e1506a3766eac1664b8a63c3d0e7dcc2dc2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204599",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "07410075-7eb7-4fbf-8a56-c97dc570c56c",
            "value": "6144:amT+dNiJwJGV/fhS9lRsfxuxtoO2UcgJEMEUx5vu7Mw090+ffJlzN322o0cMlYbj:amT+dNiJwJGV/fhbuxtoxShfu7MwKz45"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204599",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7bb3f5c1-0082-4dd0-844b-462f0f238da9",
            "value": "376248"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204599",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9dff71a2-908e-4492-a7b4-873cd18bc3a2",
            "value": "035066655d1d05756018z5c3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204599",
            "to_ids": true,
            "type": "filename",
            "uuid": "f4df7caf-670c-4346-90b7-10490db195be",
            "value": "4518249127a023adb81d232452395e1506a3766eac1664b8a63c3d0e7dcc2dc2.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204599",
            "to_ids": false,
            "type": "text",
            "uuid": "ab8a19f8-dae2-49a3-a2ed-b957b72d4103",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:44/70\nFirst Submission:2025-12-25T05:28:14.000000+00:00\nLast Submission:2026-01-09T10:25:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546054",
        "uuid": "10ced651-1d06-48ad-a0d3-bc58461d54be",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546054",
            "to_ids": true,
            "type": "md5",
            "uuid": "b35069af-da81-4c68-b465-48ed791e05a3",
            "value": "70ae9ca2a285da9005a8acb32dd31ace",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546054",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5df65061-1d2c-485e-be45-89a902d823b3",
            "value": "1d28c9073fb89c09cd34ea3592d6654832e45a14",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546054",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8772fee5-b7b4-41d2-960c-a35b3af367ff",
            "value": "4b4dcbd26f08dca7e3e5721f0f5bdc6274e1edc0556e0749a426ec22ff83ca10",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204620",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8c79da79-c9f1-4a37-93ca-1d25840fb1aa",
            "value": "6144:xDV9hNdYEDJnZRaV3gu/yM5NCTB5pAjOqLtOC3po0cMlYbc55/Pdu:xDZNLDJnZYHykCTB5xq8Gl2bcD/Pdu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204620",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a1824851-a06c-42f5-9e8c-9aad289f06b8",
            "value": "320512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204620",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f830a3f3-6d4a-44ab-88c8-ef12de00e7e8",
            "value": "035066655d1d05756018z573z2@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204620",
            "to_ids": true,
            "type": "filename",
            "uuid": "051bff77-aeeb-47f8-ab49-7a0d33c00c5b",
            "value": "80jwd.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204620",
            "to_ids": false,
            "type": "text",
            "uuid": "387fc275-8f6e-4cb2-8386-f8b27a69073f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Leonem!rfn\nVT Total Detection:48/70\nFirst Submission:2025-12-27T04:43:38.000000+00:00\nLast Submission:2025-12-27T04:43:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546057",
        "uuid": "334db853-c59a-45b2-8a79-169dc0b796eb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546057",
            "to_ids": true,
            "type": "md5",
            "uuid": "97b85548-f2ff-447c-9c4e-83b499bfca1d",
            "value": "a0d1223ca4327aa5f7674bda8779323f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546057",
            "to_ids": true,
            "type": "sha1",
            "uuid": "10acee86-aca1-48ed-8a15-361c87621f24",
            "value": "96ea4a649f67272e305b75401a4045efae91c926",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546057",
            "to_ids": true,
            "type": "sha256",
            "uuid": "21486c85-790d-4d86-8709-ee57bb70935c",
            "value": "949b0bea5bd7feab58e280dde49310521920b655714c5f1b7d9de8719373dcd7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204642",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9422c4f0-fa17-445f-81b9-b84fc026d7d2",
            "value": "6144:rXcD8g9Spj4XXobxfsQDgF2vyJCqAi7JJIKMtUwMWefBO2BAes:rw8kobxf93eAi7JIMBOofs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204642",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "eb0d304f-f6de-4154-ab56-da0f8533f123",
            "value": "488888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204642",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bfbf5117-91a6-49af-a24a-69703649b083",
            "value": "045066655d1d05556018z5b3z2@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204642",
            "to_ids": true,
            "type": "filename",
            "uuid": "906d3754-cf6b-4092-947f-f48ac5799059",
            "value": "Open File.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204642",
            "to_ids": false,
            "type": "text",
            "uuid": "f5165a9d-6125-403b-821c-9f5fc889c100",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:54/71\nFirst Submission:2025-12-26T11:35:23.000000+00:00\nLast Submission:2026-01-05T03:45:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546060",
        "uuid": "83878c19-158f-4d2d-8efd-fec687c439fa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546059",
            "to_ids": true,
            "type": "md5",
            "uuid": "8ea6b957-f662-48fb-bb1f-1b561bd0f9c6",
            "value": "b0e06925db5416dfc90babf46402cd6f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546060",
            "to_ids": true,
            "type": "sha1",
            "uuid": "48006fc3-5a18-47cd-bd19-af255821e292",
            "value": "a00e86ee1c4a1318ae394d3927d01f5aec74f861",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546060",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5f51b621-74f4-48ef-a93f-a3ed250196d4",
            "value": "f0e4d25b9b707be029e915ecb9fe61132cce89e138de36fef5e1edef551d7c25",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204664",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ae9713aa-2786-4078-b7fe-3bbd30c06207",
            "value": "6144:ukEp2sL9s7e+py4ppG3Yg8D3tm+Id6ireEcbLcViW0a/Noo0cMlYbc53bwSes:uJ2s8euy4ppT/D9g6ireJtW0aWl2bcF9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204664",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7c1edf7d-34d4-4428-86f5-5539532bf62c",
            "value": "356280"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204664",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5d81e7b3-4166-4ccb-aa00-985ddf8749ae",
            "value": "035066655d1d05756018z5b3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204664",
            "to_ids": true,
            "type": "filename",
            "uuid": "eb1507f6-3c10-4036-b917-dfd1973d9acb",
            "value": "Check File.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204664",
            "to_ids": false,
            "type": "text",
            "uuid": "dd7dbae4-4e41-45ea-a3c5-5c10a8c0adcc",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:44/70\nFirst Submission:2026-01-02T09:39:39.000000+00:00\nLast Submission:2026-01-09T19:52:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546063",
        "uuid": "8be8248a-70aa-4570-a7cc-d71e14e3bdf4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546062",
            "to_ids": true,
            "type": "md5",
            "uuid": "2d9eaa0a-62c8-4c33-af61-d282f7809729",
            "value": "2c5a1dd4cb53287fe0ed14e0b7b7b1b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546063",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d53e1695-67d9-49bd-9b24-d47ae76da0e4",
            "value": "25818cdcfb39eaa22d999d214e6159417cfba72e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546063",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2f1e0340-870c-49c9-a2e6-7a9946fc84bf",
            "value": "5d8c7fffc0992639edbca893366f19d5784af2d77e3cfcbaa445a10c503f935a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204686",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4b74a1c9-80b8-4ded-8778-1e6225575993",
            "value": "6144:t31owzY9cvbKW97XxaZQGlS6tuiOuMobAQJVs/vo/43x0o0cMlYbc5bes:t35AOspNui/AQJVsno/4Bsl2bcYs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204686",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3b59b255-447b-4f77-81bd-e11914931519",
            "value": "456632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204686",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2a03aaa8-c68b-4359-9f44-00375e8803a2",
            "value": "045076655d155d05755058z653z3hzbfz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204686",
            "to_ids": true,
            "type": "filename",
            "uuid": "27fc0549-1a8a-4d64-9231-7756ebad00fc",
            "value": "roi8me.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204686",
            "to_ids": false,
            "type": "text",
            "uuid": "34fa76ff-fad6-4a88-885e-17abc17d1168",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:45/71\nFirst Submission:2026-01-19T04:33:44.000000+00:00\nLast Submission:2026-01-19T04:33:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546065",
        "uuid": "6ef17717-e2fd-4e4e-ab1e-7114ac5e116e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546065",
            "to_ids": true,
            "type": "md5",
            "uuid": "3f050bc5-9c32-4782-ac06-b496e2e86a55",
            "value": "3c6aec25ebb2d51e1f16c2eef181c82a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546065",
            "to_ids": true,
            "type": "sha1",
            "uuid": "863347e1-cc24-4536-94cf-800a5f38237e",
            "value": "bb88f63ba7762b7307251ab0e8bb544ccbaf9b52",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546065",
            "to_ids": true,
            "type": "sha256",
            "uuid": "86d3b373-f25e-47d7-bcbe-98bf3d8657e9",
            "value": "795f939f8b9a2d56a3e8a609cab81032d9122a7d56ea852d95cd668f09139a3a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204707",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b8e32e42-2e27-43b3-b490-de153f764bce",
            "value": "6144:ItKxEiC9Qs+XyppCgU56HH5tKexn3uN97CrlvzwHYN2CpRMZoo0cMlYbc5eb:Ioiii+XyKHQHzhuN97CrRhjl2bc8b"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204707",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9c98311e-21e0-4ad1-a985-b3e862777b1b",
            "value": "343040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204707",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f87bef3a-aeb9-41ff-8b12-34671857c0fb",
            "value": "035066655d1d05756018z5c3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204707",
            "to_ids": true,
            "type": "filename",
            "uuid": "06ccaa28-84ae-4cc4-9b4d-b0b3b39b6989",
            "value": "6e40hmhgm.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204707",
            "to_ids": false,
            "type": "text",
            "uuid": "eb38d04d-ae7a-41dd-9c35-00e5997fb40d",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:51/70\nFirst Submission:2026-01-18T06:37:47.000000+00:00\nLast Submission:2026-01-18T06:37:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546068",
        "uuid": "558c84a0-c880-49e8-ab8a-b3c7193dc278",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546067",
            "to_ids": true,
            "type": "md5",
            "uuid": "3297a4c2-8dc4-49ec-8704-505b7c5cab39",
            "value": "70016ddbcb8543bdb06e0f8c509ee980",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546068",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e4afa9e9-4f2f-4719-809e-c6f01fa40197",
            "value": "34d7aa9cf1fceab7f221891f7fbc23157bd9f65b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546068",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cf38bdb5-d371-4155-9694-e9f03b18c14c",
            "value": "5be9fc4ad9ae3e791d18427f4592c234dfb612aec39b219e8ec57424f61cbab3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204729",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "75ee587f-b414-40df-8c89-cbb76e2da6d0",
            "value": "6144:0cUC8i38xHmd3or8xazAlcEcaYJMtdXGi+eOsbRFSmo0cMlYbc5:kiU0zssBq6eeOsGOl2bc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204729",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9906ba7e-8d8f-4919-9c48-f94c036f0ea7",
            "value": "446976"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204729",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c96937c9-abbc-406a-83e9-b698070cc298",
            "value": "045076655d155d05755018z5e3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204729",
            "to_ids": true,
            "type": "filename",
            "uuid": "23f9a724-a3d7-4f12-8ce1-307411f2d7d7",
            "value": "isxdwbk9.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204729",
            "to_ids": false,
            "type": "text",
            "uuid": "dfa0497d-461c-46ce-a915-9cea30aeb55e",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:45/71\nFirst Submission:2026-01-24T19:11:13.000000+00:00\nLast Submission:2026-01-24T19:11:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546071",
        "uuid": "6d503488-f1e4-4f04-b3bf-55acd76cecf1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546070",
            "to_ids": true,
            "type": "md5",
            "uuid": "927ce413-93d3-4613-8417-abdd76fb0530",
            "value": "8fc911ca37f9f451a213b967f016f1f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546070",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7fac4fe4-6c2b-433c-879f-9063522b116e",
            "value": "9a6c59eaa1d467029c8e1fee651b6d09ddde91e4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546071",
            "to_ids": true,
            "type": "sha256",
            "uuid": "66d9a998-4324-4c51-907a-385912ccd519",
            "value": "905efac09785631ed57e57a6236b87c04f53b9e0a3bf697df71365814dee6362",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204751",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e93f4bab-fcef-4494-9aca-b6706aaa9f04",
            "value": "6144:iyeT0Ve/pBTyqxaP6i3yd6Ya55OQM3V+iB0m+LNQ+KCHxo0cMlYbc5:r219s33Ia5oymOl2bc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204751",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "84e55449-9409-4b65-9e56-7beaf23cf9c1",
            "value": "385536"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204751",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d55cc64f-9718-4d2e-a795-d407770a56b5",
            "value": "035076655d155d05755018z5f3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204751",
            "to_ids": true,
            "type": "filename",
            "uuid": "7ba0db47-31d2-4fe6-a993-954bee84b1dc",
            "value": "9xw2l.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204751",
            "to_ids": false,
            "type": "text",
            "uuid": "b36d171a-1fc4-4cc4-a33e-64b845a058a7",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:44/71\nFirst Submission:2026-01-24T20:00:13.000000+00:00\nLast Submission:2026-01-24T20:00:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546074",
        "uuid": "43433ff1-4566-449d-bdbe-6c6b65155d17",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546073",
            "to_ids": true,
            "type": "md5",
            "uuid": "55e8a330-ac6c-4ab0-9548-5226b41cfb4a",
            "value": "dd0114ffacc6610b5a4a1cb0e79624cc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546073",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1f87cda5-af56-4b0b-9ba4-19e9425cbf91",
            "value": "0e8c2c75d3dd4b670b8d035d5f645c74f5455c02",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546074",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6e1d1dba-8c5f-45da-a9d0-993102d599a9",
            "value": "dbfa683cd8c600ed0e90f58eb965ca38b1561fa99d12cb7f252e8608da217df2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204773",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b529574f-d6f3-4147-9d8f-ebf2a46c5bea",
            "value": "6144:W1Dvw9dhG4wAXKBvqFnIqwgNmd9uifpAy4+PMeg8lie3oo0cMlYbc5h:WBvOhVJaBvqCyKhpAy4+RKnl2bcz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204773",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7bb2619e-9dab-4c87-9d38-4a1cdf8cad56",
            "value": "343040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204773",
            "to_ids": true,
            "type": "vhash",
            "uuid": "966c7fa8-3b39-4b8f-8c66-87413574bcea",
            "value": "035066655d1d05756018z5b3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204773",
            "to_ids": true,
            "type": "filename",
            "uuid": "5cff9d83-c2a0-4366-85bc-adf1aa86ad17",
            "value": "Check.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204773",
            "to_ids": false,
            "type": "text",
            "uuid": "8ba0ddab-0bda-48c4-b553-81df0e85c232",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Leonem!rfn\nVT Total Detection:45/70\nFirst Submission:2025-12-27T05:10:47.000000+00:00\nLast Submission:2026-01-09T10:27:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546076",
        "uuid": "2898e20a-0cee-40b3-8f06-25765c9951f0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546075",
            "to_ids": true,
            "type": "md5",
            "uuid": "574c4930-b063-4811-acdf-6935282d3b14",
            "value": "a083c546dc66b0f2a5e0e2e68032f62c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546076",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7791227c-994e-437e-9a39-d52cd1d34cb0",
            "value": "acbdc1781a5a62789fdd233cde9c6521500f66f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546076",
            "to_ids": true,
            "type": "sha256",
            "uuid": "67424e09-7dae-4cbf-9c58-35054303ec5f",
            "value": "67c87dafb26de3b2b15b93a4ccd291e95682b9adf4ecb083b7c54286245ebd87",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204795",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dc77113e-651a-4e92-a4f5-b5a84b60036a",
            "value": "6144:ZRrPkJGsbUPPxNxaU3yV/k++8bRE7SBz/T1+ipVSo0cMlYbc5:HkCPXsUGbFZ5/ql2bc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204795",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2e665150-aa40-4b56-8d86-b1fdbe516fd7",
            "value": "389632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204795",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ba018455-fd37-4dd2-a6d3-8abbee1d2248",
            "value": "035076655d155d05755018z5e3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204795",
            "to_ids": true,
            "type": "filename",
            "uuid": "87db9b29-9fc5-4001-9fa4-412e52e7359d",
            "value": "23j6fw.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204795",
            "to_ids": false,
            "type": "text",
            "uuid": "cd917246-cea8-429a-bd51-583130ee2ef9",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:44/71\nFirst Submission:2026-01-21T14:54:43.000000+00:00\nLast Submission:2026-01-21T14:54:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546079",
        "uuid": "e4dbff4a-31e5-42f1-8dac-03707cc8ae93",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546078",
            "to_ids": true,
            "type": "md5",
            "uuid": "6876c32f-b5fd-425e-a1fc-ee984c7d5763",
            "value": "1d1f71936db05f67765f442feb95f3fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546079",
            "to_ids": true,
            "type": "sha1",
            "uuid": "36e9fa90-fc96-4fd2-acda-96659dddbf71",
            "value": "b5fbfac459479246010d77dcdbe4ef3dce807ea3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546079",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9828de94-c29b-48fc-9786-d00dd44611b2",
            "value": "a79f98bcead6efc9a1b71556e83cac7b0924544f11ff5ceedf80b0cc2f778d02",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204816",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "35b2db8d-51f3-495e-9d17-dfc584f3f110",
            "value": "6144:9GmubZRaap9lWlUvdhewgu7KOeB2p6sOmxl08cFAjpP9o0cMlYbc57Tes:9HubvaaUlUvdvlesp6sOmx91Jl2bcNKs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204816",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "09d93b73-3ec3-478b-ba05-29d47ae6be14",
            "value": "357304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204816",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1af7f905-9753-4660-a34e-af00ba41633b",
            "value": "035066655d1d05756018z5d3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204816",
            "to_ids": true,
            "type": "filename",
            "uuid": "202a435a-9fe1-438f-b6cc-72314c7682c4",
            "value": "a79f98bcead6efc9a1b71556e83cac7b0924544f11ff5ceedf80b0cc2f778d02.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204816",
            "to_ids": false,
            "type": "text",
            "uuid": "77da1068-1aec-41cf-9870-35d70a8b4de1",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:55/70\nFirst Submission:2026-01-02T05:20:16.000000+00:00\nLast Submission:2026-01-07T02:34:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546082",
        "uuid": "43a72855-54cf-4afd-b588-1e166e7d54c1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546081",
            "to_ids": true,
            "type": "md5",
            "uuid": "4830c5a1-1782-45a9-a6c4-8d821122a70f",
            "value": "d1d78cd1436991adb9c005cc7c6b5b98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546082",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cbbb9a73-8a80-48b2-99fd-f7603b418bb3",
            "value": "538ce04beaac54463d5de3b59d1e934928130fbb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546082",
            "to_ids": true,
            "type": "sha256",
            "uuid": "17f71a63-1709-44ed-b856-7b93a7ac12c4",
            "value": "638fe471d7ea29e45f7f08b34012331e18eaaebe5bdcae84768d942f45a72a6a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204838",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4b71de45-0d59-4b02-ac1f-68142c1a9a78",
            "value": "6144:PQOCc9F2kEdEOUkJxUg5pHoVYy270Jw7rPe1Hg5sW2B0Fo0cMlYbc5EW:PQOCa2kzOUkgYK070JwrpsV8l2bc2W"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204838",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c0bbc1d3-4026-433e-bc24-5f184c78cfe3",
            "value": "395720"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204838",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c9846ac2-dcb6-40f3-88db-45e2fa11683e",
            "value": "035066655d1d05756058z613z3hzafz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204838",
            "to_ids": true,
            "type": "filename",
            "uuid": "415e735b-778f-41bd-b4e8-8d1f491d3bba",
            "value": "638fe471d7ea29e45f7f08b34012331e18eaaebe5bdcae84768d942f45a72a6a.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204838",
            "to_ids": false,
            "type": "text",
            "uuid": "cff541c0-960f-4893-bd83-83a2e6fe3dc3",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:40/70\nFirst Submission:2026-01-13T07:35:06.000000+00:00\nLast Submission:2026-02-05T15:12:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546085",
        "uuid": "f4192bf4-8b4e-451d-b5d0-7df6e61f2b3e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546084",
            "to_ids": true,
            "type": "md5",
            "uuid": "d0cb1da0-d39e-4c43-86fa-acedf6719462",
            "value": "039e93b98ef5e329f8666a424237ae73",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546084",
            "to_ids": true,
            "type": "sha1",
            "uuid": "53f71573-d21d-4b00-91b1-a8520fa216b8",
            "value": "4f121e33a30d088714bc03432946d68550c0d5a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546085",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a5330427-fb56-4406-949b-7642a3f22056",
            "value": "440976425e5dfb7b9f46e0bf02a673b03c514e1b7fd717080a6de5679276967d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204860",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2f0a3b20-5527-4db2-886e-078b0252ccaa",
            "value": "6144:QvNbe9gYWQnBmwy9gVXJT4ngXX09tTNved1qHEi22nKdZsIAo7R9rz:QtxVP9gVX0Mk9G1qkTsMrz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204860",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "97d50f42-1b28-4909-8841-65b99511ef2b",
            "value": "465208"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204860",
            "to_ids": true,
            "type": "vhash",
            "uuid": "808f5c06-bed2-4245-92d1-84082acb4be0",
            "value": "045066655d1d05156015z5005d3z33z303rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204860",
            "to_ids": true,
            "type": "filename",
            "uuid": "ada958d2-83ea-4748-b936-5357f544ab5e",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204860",
            "to_ids": false,
            "type": "text",
            "uuid": "111dbddb-1168-4718-85dd-c45983128090",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:52/70\nFirst Submission:2026-02-04T07:49:55.000000+00:00\nLast Submission:2026-02-06T09:33:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546087",
        "uuid": "c8731101-a635-4f13-bf54-e8738f4afccc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546086",
            "to_ids": true,
            "type": "md5",
            "uuid": "f8aba5c9-3624-4ace-a00a-2d436f0fa1df",
            "value": "04194f8ddd0518fd8005f0e87ae96335",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546087",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c769221d-e96b-427f-ad8c-801658faca13",
            "value": "469aa836a4b290498fbaabc709a3e587c5052795",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546087",
            "to_ids": true,
            "type": "sha256",
            "uuid": "40903dff-ff6c-4b17-93ec-3e563682d39d",
            "value": "8a9f96765843288714c111551407d48df48bbd7aac0bdcea67aab856f2d7fbc3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204882",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9950ffe8-7fac-4183-b8f2-e6f0002a760e",
            "value": "768:G1ZwCy/+uLtbi/OsgoHhcAS/VGOhG6Uyb9zH:OZwCiAotG6BxzH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204882",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0361b803-1485-45b6-b4ed-c78f5aa35f5c",
            "value": "94792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204882",
            "to_ids": true,
            "type": "vhash",
            "uuid": "08ddcab4-6689-4df9-bf2a-4e7f370ef872",
            "value": "094066651d1515151az17hz2021z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204882",
            "to_ids": true,
            "type": "filename",
            "uuid": "c60683a9-6da9-4e22-8705-c23c3c0e9524",
            "value": "msedge.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204882",
            "to_ids": false,
            "type": "text",
            "uuid": "4c3f3ba9-a328-4fd0-805d-157ff3992750",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:36/71\nFirst Submission:2025-03-07T07:46:35.000000+00:00\nLast Submission:2025-03-21T19:18:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546090",
        "uuid": "3bbf61ae-4c19-4d29-b293-8c4d4a52891f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SFX archives containing ABCDoor JavaScript loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546089",
            "to_ids": true,
            "type": "md5",
            "uuid": "11848cbc-2b24-474d-ac10-cd174aa7ea2b",
            "value": "043e457726f1bbb6046cb0c9869dbd7d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SFX archives containing ABCDoor JavaScript loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546089",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6769f190-9d2a-43d5-ba70-e35ceeef7d97",
            "value": "b9072d40c9c4f1c0aa7f3e38b2089b0eaad371cc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SFX archives containing ABCDoor JavaScript loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546090",
            "to_ids": true,
            "type": "sha256",
            "uuid": "250b5145-3925-4138-886d-899e889f3991",
            "value": "060abb17a90de5c39c169b417054ec806f4c4f0d7764c64d08fd73a566b6fe0c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204905",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "92c7a56d-8998-417b-8341-cf5aa6bc8b57",
            "value": "12288:vyveQB/fTHIGaPkKEYzURNAwbAgNOl2bczzGF7:vuDXTIGaPhEYzUzA0mwy6F7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204905",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "76594d96-f037-431f-b04a-496ebfbc5fc2",
            "value": "471514"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204905",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b7189d6a-9776-4c97-8c09-019f0ea6b159",
            "value": "045086655d155d1515755az939z3tz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204905",
            "to_ids": true,
            "type": "filename",
            "uuid": "57a3ecbc-7ed2-4225-9fd6-73e35ef25654",
            "value": "Statement.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204905",
            "to_ids": false,
            "type": "text",
            "uuid": "cec76275-8453-4645-b800-f2c5f9ee1150",
            "value": "SFX archives containing ABCDoor JavaScript loader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vigorf.A\nVT Total Detection:34/69\nFirst Submission:2025-12-31T10:28:27.000000+00:00\nLast Submission:2026-05-03T15:00:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546092",
        "uuid": "f7dcdfc2-6181-491d-b327-189aecaae3dd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546092",
            "to_ids": true,
            "type": "md5",
            "uuid": "6ff6cbe7-762c-4a50-87fe-6b20380f8938",
            "value": "06130dc648621e93acb9efb9fabb9651",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546092",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bca7539f-7e91-418a-9d77-5f03c03f351b",
            "value": "50ad046a789c2b5aa0e1e477c208e5ad3886afca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546092",
            "to_ids": true,
            "type": "sha256",
            "uuid": "252d2ce6-e05b-40af-b52c-5092d5ea5d45",
            "value": "022117104bdbef4323ca35bcffd4244fc5ed20ed32a9e101ceba971487ea2e43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204926",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9c2a8027-3bf8-47b9-98fb-90260aeb2d70",
            "value": "6144:5TIlK911tmsA3H3tZWesEwg7aQoBGxKjhU0r9s4/Db9eoQ6WsWYMPjaDes:VymIsCH3tZWe6QDojjl9s4/Db+sumas"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204926",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cdbd7330-20ed-47fe-a20c-2cafe170af39",
            "value": "586168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204926",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5b765bb4-22cc-43a5-9123-e150070cadf9",
            "value": "055066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204926",
            "to_ids": true,
            "type": "filename",
            "uuid": "f2732fcf-ac32-4b1e-a69c-bc5c8af22faa",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204926",
            "to_ids": false,
            "type": "text",
            "uuid": "35fde2de-366f-4b57-a182-4cc3287a5bf9",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:44/70\nFirst Submission:2026-01-29T08:21:59.000000+00:00\nLast Submission:2026-02-04T09:32:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546095",
        "uuid": "c45f8f3c-bb48-4eef-ab2a-eb6186c1ff05",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Phishing PDF file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546094",
            "to_ids": true,
            "type": "md5",
            "uuid": "32b99bc2-64f1-457e-94be-a58016e0725d",
            "value": "0b9b420e3edd2ade5edc44f60ca745a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Phishing PDF file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546095",
            "to_ids": true,
            "type": "sha1",
            "uuid": "17dd6e35-c46b-4cfd-b3e7-130acb7ef6da",
            "value": "0632fabfc99b394d6b7fc5873a2c910af0e21c75",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Phishing PDF file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546095",
            "to_ids": true,
            "type": "sha256",
            "uuid": "97e19ada-8a25-4d58-b4ce-73f30897870b",
            "value": "e82fc50fb7fae8b26c99f1df690211f76497e6f2c03ee96b972daec14a9e0fa3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204948",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0ff9595b-e9ab-4ad5-b11f-51ded059d580",
            "value": "3072:d/cYZh4gloU6Upif+Nx0UcP2/jnAsXP/YpGLuoNGNDXAu/cCwip9:JpyU62imNx0sjnAsXHeoNcHnwip9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204948",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8f74d92d-af09-476d-8d1b-0c17bbc4a27e",
            "value": "145066"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204948",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f1a7d875-bef7-45ac-b25a-a0c1d6a6680f",
            "value": "9a434df628bdc1c087bc98d2bf5532398"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204948",
            "to_ids": true,
            "type": "filename",
            "uuid": "e5cbd0a0-af92-4adf-8649-5fdb8ea99977",
            "value": "\u0424\u041d\u0421 \u0420\u043e\u0441\u0441\u0438\u0438.pdf"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204948",
            "to_ids": false,
            "type": "text",
            "uuid": "65d143a9-3661-4c18-bbfa-a9f1001103e6",
            "value": "Phishing PDF file\r\nType Description: PDF\nMicrosoft: None\nVT Total Detection:19/62\nFirst Submission:2026-01-27T02:34:44.000000+00:00\nLast Submission:2026-01-27T02:38:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546097",
        "uuid": "80839dcd-b3ff-49b3-92c2-7561432effe5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546097",
            "to_ids": true,
            "type": "md5",
            "uuid": "273739e8-489b-4cbc-b9a1-ac4c53e2349d",
            "value": "0c3b60ffc4ea9ccce744bfa03b1a3556",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546097",
            "to_ids": true,
            "type": "sha1",
            "uuid": "112a029e-468c-4801-bb52-2c6341d63396",
            "value": "bbfd896caca6a747d481922aab809e3f55fcbf2a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546097",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6eeeff5c-1f73-4df2-8fa0-582052f82fe3",
            "value": "1f430f1ac74e50e9a41081d3a4dd1cc115c0d73c6978f53cce509e86faf6cf7c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204970",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6e164a9b-1f55-45d8-a5ba-d2c9099e7b00",
            "value": "24:qIP6a/5JdX3NeIppfO7NYa7GBJHZ1O7Uf9+Yh7cPa5+4eUOA896ddM+:qI15PNzHIYVvHZ15lMPY+4eEk6fd"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204970",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "86cef7bf-ffcf-4574-8618-7899118cbcbb",
            "value": "1214"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204970",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e7233e64-6c6d-4603-86c5-c724a4dfe923",
            "value": "0ff541e16986108cc24c0bd8adf073e4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204970",
            "to_ids": true,
            "type": "filename",
            "uuid": "1162aec0-6fa5-48c5-8006-e6be5f37148d",
            "value": "run_direct.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204970",
            "to_ids": false,
            "type": "text",
            "uuid": "a27a77be-01be-4eaa-bf51-2d354f003296",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:15/61\nFirst Submission:2026-01-02T07:26:57.000000+00:00\nLast Submission:2026-01-02T07:26:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546100",
        "uuid": "beedaa7a-683f-49a2-969b-3f8582fc8362",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546099",
            "to_ids": true,
            "type": "md5",
            "uuid": "afb8c017-9173-44cb-b374-8093c09e7833",
            "value": "1020497bef56f4181aefb7a0a9873fb4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546100",
            "to_ids": true,
            "type": "sha1",
            "uuid": "982abb3d-0ffd-4aef-92a3-d85fd899e81d",
            "value": "906ea8772902eff388ac6c6371170e9a882142bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546100",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5a0c9997-6a5f-431d-a578-83c3773073ec",
            "value": "dbe22ee1e15f4b8421d1c82a04124c3cce99d87a46adb298ce1f1c2b3d8e2306",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778204992",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "53264107-d7c8-4918-978c-a8046534aebd",
            "value": "6144:RI1ep9Bjl2k2Z893gnAfY0CbR6obZdHMLtXlx7poo0cMlYbc517es:RvxlH2Z4AqC6obZdUROl2bczys"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778204992",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "30b096af-e3f5-4f0a-9731-c451c0ecbd35",
            "value": "353208"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778204992",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e853d592-b222-4a39-94cc-dd3305ab3b3a",
            "value": "035066655d1d05756018z5b3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778204992",
            "to_ids": true,
            "type": "filename",
            "uuid": "4e66a220-a55e-4449-8f99-c3bbc10a2d1c",
            "value": "Check File.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778204992",
            "to_ids": false,
            "type": "text",
            "uuid": "e316fc24-5da7-4eaf-96c3-c915ccf0497b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:40/70\nFirst Submission:2025-12-23T11:45:07.000000+00:00\nLast Submission:2025-12-24T02:09:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546103",
        "uuid": "a869860d-cb3b-428b-8b33-943283f10f6e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546102",
            "to_ids": true,
            "type": "md5",
            "uuid": "713df08e-6342-422f-a3cd-952f4bbec03f",
            "value": "11705121f64fa36f1e9d7e59867b0724",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546102",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b0659722-203a-46c1-a11f-e447d4e703ed",
            "value": "8043854ff5ee141862551b14ec9aef349b563e7c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546103",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e2065294-405f-49ad-b79b-d7aa799269ee",
            "value": "404dd387c02cbb1bdfe5d7f5ac35c151eadfeec1de3f450f59583037d9453bad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205015",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f577293f-65b7-412e-a528-071c302e3d87",
            "value": "49152:EQpXwPdBdSeDUBH9MuoB5uJGX1vQdGsddfJ:EwmSWB5LX1vQdGsp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205015",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5d721abf-98b9-45da-9b05-003a664ef3c2",
            "value": "2514432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205015",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9f661c5a-96d0-4d81-ba22-9ead23c9cd5e",
            "value": "026106655d15551555757az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205015",
            "to_ids": true,
            "type": "filename",
            "uuid": "09c83b9a-e2ff-4929-906f-de965fb88c4d",
            "value": "GSTSuvidha(2).exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205015",
            "to_ids": false,
            "type": "text",
            "uuid": "492033e9-094e-4408-941c-caf9963aec8d",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:34/70\nFirst Submission:2025-04-04T07:32:16.000000+00:00\nLast Submission:2025-04-04T07:32:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546105",
        "uuid": "22fd90ef-05c7-4026-94b2-77a76f45c10b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546104",
            "to_ids": true,
            "type": "md5",
            "uuid": "25db138c-1c30-4f4a-b0ba-cab02b988042",
            "value": "13669b8f2bd0af53a3fe9ac0490499e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546105",
            "to_ids": true,
            "type": "sha1",
            "uuid": "749db170-2f29-4e30-a9a4-055b09621e17",
            "value": "0dc9684946142d231f75ed2c9ce1f7ebc38b39f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546105",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b0ea940d-e202-494e-b82f-76201c45a0f9",
            "value": "0eb664b45200c9b4e954162128d2c13bc693f6ae57650b49a3a9fb9b2e821110",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205037",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eccb3a60-bff9-45a2-8672-092179055cd9",
            "value": "12288:GQeR+v9U7Jp3YxLRi0Coo5wuA320Y5ZjJBvi1N8jV0makzHQ7z:GQYw9U7JpiRiDsUDB6Csewv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205037",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "96732ad4-b248-4556-bb6c-9baa50bec0cc",
            "value": "899584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205037",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0c497fd2-092c-46e8-9592-a029314b96ee",
            "value": "185066655d1555155bzf?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205037",
            "to_ids": true,
            "type": "filename",
            "uuid": "9b1545d4-eef4-436c-81e8-1d02dbcaa3b3",
            "value": "core.cp310-win_amd64.pyd"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205037",
            "to_ids": false,
            "type": "text",
            "uuid": "d7f93491-e635-46d1-a3dc-e9a5b292196d",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:28/70\nFirst Submission:2025-12-11T16:45:15.000000+00:00\nLast Submission:2026-05-06T05:10:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546108",
        "uuid": "79f85460-ade7-4c95-ac51-b1f6f6c5e894",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546107",
            "to_ids": true,
            "type": "md5",
            "uuid": "d27bf242-7aa8-48fd-a4cc-5346fa5a4288",
            "value": "202a5bcb87c34993318cfa3fa0c7ecb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546107",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2319feb5-4cb4-4d9b-bfb2-7059bb951a78",
            "value": "6f2f742122eb0c7d68f21ab4e4d25a14b21d3a51",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546108",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d57805f3-f989-43ff-9a59-398c720966be",
            "value": "33847bc2d028d7d742294a9159731b7e15976d2d2b2ade06869fd3583991519b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205081",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "74e65a54-c738-4493-9ed1-505b7afbd59c",
            "value": "12288:b6DYIxoTPx8TbfiJT4ctKmaGaWKtDGgnGKONFdMPlOcXYNpTsf4z:b6DYIxoTPKTbfiJT4ctKmawgGKOdMPQD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205081",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5de94b36-a21e-41da-b873-62d42bcae465",
            "value": "468280"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205081",
            "to_ids": true,
            "type": "vhash",
            "uuid": "004180b5-f5c4-43e5-b809-04fda67f939c",
            "value": "045066655d1d05156018z2f3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205081",
            "to_ids": true,
            "type": "filename",
            "uuid": "a31a9f41-98f9-4267-8b36-97ca30aefc51",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205081",
            "to_ids": false,
            "type": "text",
            "uuid": "f6a95bdf-3a9f-4629-af61-e2701142fbb2",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:45/70\nFirst Submission:2026-01-27T09:52:17.000000+00:00\nLast Submission:2026-01-29T10:24:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546110",
        "uuid": "5979b498-655d-45eb-a9c5-33af57ad6f63",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546110",
            "to_ids": true,
            "type": "md5",
            "uuid": "85c90620-65fa-4bcf-ae08-80d50044e045",
            "value": "27a3c439308f5c4956d77e23e1aad1a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546110",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e21876f0-4c35-423f-99bd-9d8df43cf101",
            "value": "ad94d5ee63f405eb6a1a157713aa6999e579c6e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546110",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0dbd4b0b-c07d-4746-8cdd-72f775beb2ad",
            "value": "fedf8678350dd29713be43f6115a2a8361f011b4b2eaf51e57eb2ffd758caa83",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205125",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b4634a52-5d50-4c0a-9fa5-379ce2bcec81",
            "value": "6144:aI/DBaxNSCVTaRIhRAX9pqgY8EZkcKjM9hYS/gcOhb3cQ9WeXHV2kmpeWwxulo0A:aI/0xNSCVTaRIhRAPLYJucKjI5XW59WY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205125",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "14263155-f1ea-4753-8678-d5e1da9abf4f",
            "value": "373176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205125",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3cc685a4-e039-455f-ae04-b79aca03c724",
            "value": "035066655d1d05756018z5c3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205125",
            "to_ids": true,
            "type": "filename",
            "uuid": "4be982b3-421c-464a-8a7d-fa27f5c7bb28",
            "value": "List.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205125",
            "to_ids": false,
            "type": "text",
            "uuid": "756503e7-343d-498a-a6ed-e2cdb2ac0aa4",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:46/70\nFirst Submission:2025-12-25T05:26:35.000000+00:00\nLast Submission:2025-12-25T05:26:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546113",
        "uuid": "d2d405fd-7f87-47bc-b4fc-84260b44ff33",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SFX archives containing ABCDoor JavaScript loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546112",
            "to_ids": true,
            "type": "md5",
            "uuid": "4a37ad30-861a-4c84-8bc5-8e879149edcd",
            "value": "2b92e125184469a0c3740abcaa10350c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SFX archives containing ABCDoor JavaScript loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546113",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e0242b53-1fbb-429c-afba-6e75b1790d72",
            "value": "7b8bed44093ad774a3d938c9d8a83ef42f66e68c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SFX archives containing ABCDoor JavaScript loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546113",
            "to_ids": true,
            "type": "sha256",
            "uuid": "584c0145-8188-4ece-9bb9-0052f765a7b5",
            "value": "089f92081ad1997d01320d1b119a9c4ab37c7076aded64da9f8c109f10e0fbb1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205146",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f4c4779a-c63b-4c5c-8b6a-c62a0ff83c85",
            "value": "12288:yyveQB/fTHIGaPkKEYzURNAwbAgXjTGF7:yuDXTIGaPhEYzUzA0paF7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205146",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ca4bc619-e710-4626-86fc-95a332819865",
            "value": "448986"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205146",
            "to_ids": true,
            "type": "vhash",
            "uuid": "934f9805-2530-429a-9331-2d29b8f800fc",
            "value": "045086655d155d1515755az939z3tz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205146",
            "to_ids": true,
            "type": "filename",
            "uuid": "06f9185c-8efc-4da8-a36c-d2294a0b422e",
            "value": "BillReceipt.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205146",
            "to_ids": false,
            "type": "text",
            "uuid": "46048d9f-6b54-4aed-a6ce-ab0da1b5dde5",
            "value": "SFX archives containing ABCDoor JavaScript loader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vigorf.A\nVT Total Detection:31/69\nFirst Submission:2025-12-18T11:03:29.000000+00:00\nLast Submission:2026-05-03T14:59:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546116",
        "uuid": "97bb93d7-eae9-459f-9ccf-f2ea65bbc440",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546115",
            "to_ids": true,
            "type": "md5",
            "uuid": "60f8bc52-0f97-463d-bd89-2d057169c557",
            "value": "32407207e9e9a0948d167dca96c41d1a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546115",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9f18b3b0-b60e-4d72-88bb-c496a30c614c",
            "value": "fb394d542551fe000d6f45a88e9a639eb6ee3215",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546116",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e029e2c9-8914-4aed-b4d9-cd24ea4fac82",
            "value": "e2f74e3d3d8df95b638dc2827243099c2999b8c15073e31cc3544e464a46840c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205168",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "422bba4b-0108-48cf-9292-7178837bf124",
            "value": "3072:tX47fcIrwR8ksunm10XenjmA39XbFvAbi:tX45rw6wm10Xen3NXbFN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205168",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6a859e51-0aef-478e-9e90-32483a96073c",
            "value": "305195"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205168",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9907efb9-3935-4423-86d1-1abc55b77f1f",
            "value": "035056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205168",
            "to_ids": true,
            "type": "filename",
            "uuid": "046b7d31-0f07-4773-9c7a-70c622f577ad",
            "value": "j07v4s2h.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205168",
            "to_ids": false,
            "type": "text",
            "uuid": "e9ba2d44-492a-4f75-a142-6af4727a79ab",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:31/71\nFirst Submission:2025-08-24T11:13:06.000000+00:00\nLast Submission:2025-08-24T11:13:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546118",
        "uuid": "d352b127-9b2d-4e5d-8162-78e78f026ec3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546117",
            "to_ids": true,
            "type": "md5",
            "uuid": "aeaae308-29f0-4ef5-b782-694d8ebbfbc8",
            "value": "3279307508f3e5fb3a2420dec645f583",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546118",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7447eea0-ddc6-4fad-a847-e2478eebf450",
            "value": "429cf7652e30d386d4c0e3e40c5335f3a406f200",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546118",
            "to_ids": true,
            "type": "sha256",
            "uuid": "056184aa-8e75-49b5-849c-ec99ac9094ed",
            "value": "60725dbd8c060f78ae2ab8cb2ce96d9a2216d1dab6c428fb07b19247981802d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205190",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "25cc94be-d266-4ca4-ba97-cca8d4e99d4e",
            "value": "6144:wh4yV92r3JX1/dkgNYRUanB8wP4SgE4ML0fFUc/koo0cMlYbc5iLves:w583JX1CSLXwPxgElxol2bcMLms"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205190",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "55500fca-0975-4be9-9036-feeaff446832",
            "value": "353720"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205190",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7aa73bfc-f538-47e7-8a42-33d69c36d7f0",
            "value": "035066655d1d05756018z5b3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205190",
            "to_ids": true,
            "type": "filename",
            "uuid": "77ebdb66-3ade-46f1-9559-d2892b1e4d0d",
            "value": "Open file.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205190",
            "to_ids": false,
            "type": "text",
            "uuid": "7c8649df-96ed-410b-88c0-ebaa45e48753",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:46/70\nFirst Submission:2025-12-23T11:49:43.000000+00:00\nLast Submission:2025-12-29T08:36:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546121",
        "uuid": "aa870f4a-9efd-4ab7-98fb-deb5b695e0ae",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546120",
            "to_ids": true,
            "type": "md5",
            "uuid": "2f566e22-d300-487c-b3d1-904e05976ffe",
            "value": "3417b9cf7acb22fae9e24603d4de1194",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546120",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7d87bc58-0802-42da-8699-e5d2bb24b9a8",
            "value": "8c29a2693ddf208455db290abfc76c153da27643",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546121",
            "to_ids": true,
            "type": "sha256",
            "uuid": "96cff8a2-8209-4651-9f60-278af0cc9baf",
            "value": "c925048d6da2a2cd30ad521c1153f56366ee4bacbe84c8b929c1be7f9f2aa445",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205212",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6e8b92b2-6d6a-4320-b2f9-29a7d676d988",
            "value": "6144:2gqkT9wSMDpgW4n/uN0Yg4Hqtf2KzBjqBdBElXUveel6hsCOiznuV3:PXatan/ulXK5zgdBElXUYsynuV3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205212",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6ea03dba-eb35-4a44-9f40-c60a3f1d42fb",
            "value": "461104"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205212",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2e84b20b-7207-4454-8e67-683c06cdb4dd",
            "value": "045066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205212",
            "to_ids": true,
            "type": "filename",
            "uuid": "860bfbe9-d21e-4e44-8644-a6d98445e76c",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205212",
            "to_ids": false,
            "type": "text",
            "uuid": "48662f4f-8923-44a0-af67-ea58cc2ac65e",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:47/70\nFirst Submission:2026-02-02T10:43:36.000000+00:00\nLast Submission:2026-02-02T21:17:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546124",
        "uuid": "183b09ec-cac9-4473-a20e-3d15fb8b5396",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ValleyRAT plugins installing ABCDoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546123",
            "to_ids": true,
            "type": "md5",
            "uuid": "8982b291-b4e4-4772-bb19-8c711532022e",
            "value": "4a5195a38a458cdd2c1b5ab13af3b393",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ValleyRAT plugins installing ABCDoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546123",
            "to_ids": true,
            "type": "sha1",
            "uuid": "338151ac-d81e-4032-aee6-e1d125b4ba10",
            "value": "b6204bdae6441f6ba5e2196874019333d3f44346",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ValleyRAT plugins installing ABCDoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546124",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d09505c7-6710-4a5a-8683-b87a5e002985",
            "value": "b459109d2748723ebd9b212074cebd53ba95c589d540089e41380baad596f30d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205234",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0e516728-0684-48ed-bb3c-16ecd222a15f",
            "value": "384:6caVWQPWhdu04EmRUF4MVqip8oeETA7LgmTOYnTxV0KIiiErrSKJi2jIwQ2Ul405:6caohQGSMUnG0rGKMFD2MROan8jxFU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205234",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "399f530c-b794-4624-abb6-a36ecc59217f",
            "value": "37888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205234",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f24e250f-46db-41aa-a1ef-8cdbb33675be",
            "value": "134056651d15155az1b7z3035z21z13z63z24z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205234",
            "to_ids": true,
            "type": "filename",
            "uuid": "02a25f8d-d2fa-4c13-9c59-5473f7e30adc",
            "value": "2o52oiz.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205234",
            "to_ids": false,
            "type": "text",
            "uuid": "897ac47c-5b39-4a31-b0dd-f1b0268563a5",
            "value": "ValleyRAT plugins installing ABCDoor\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:41/71\nFirst Submission:2025-12-05T03:28:06.000000+00:00\nLast Submission:2025-12-05T03:28:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546126",
        "uuid": "182a7c93-46c7-4983-99ad-907b4bad28e0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546126",
            "to_ids": true,
            "type": "md5",
            "uuid": "462cefe8-4392-41ca-a120-0a5c14d9b2ef",
            "value": "4d343515f4c87b9a2ffd2f46665d2d57",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546126",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e57c11fc-967a-450f-a1a3-330e7a7047f2",
            "value": "03e2869bcbee6534cdb5f363275af8bc041ca159",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546126",
            "to_ids": true,
            "type": "sha256",
            "uuid": "38b59726-890a-4ea4-a578-9242fad2a946",
            "value": "059661361091006ccad7cef5798865e9bbf94c6d521d649b55cef7beac1da9de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205255",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "42754799-f76b-4f29-ac3c-ed7657ad3587",
            "value": "393216:fha7AN6ylT6dN6iJXUTqQoKtzja9UqkrXNObrFuucgxptBZz3rlVv9UfH+mz+EuV:puvylTEN7SOVszjaKqkrs9uuZxzBZfl9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205255",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "39e6aab8-1b64-4966-a88f-5b45055ac908",
            "value": "24471901"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205255",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0d85ae0e-27d6-4061-b5ee-796791191409",
            "value": "027076655d155d15155az8b9z3tz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205255",
            "to_ids": true,
            "type": "filename",
            "uuid": "bbc5e964-05d8-403e-881e-8064c96c4b5d",
            "value": "RemoteInstaller_20250803165259_whatsapp.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205255",
            "to_ids": false,
            "type": "text",
            "uuid": "0d31c3e1-f099-43ab-bda1-7bbee9825951",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:27/70\nFirst Submission:2025-08-03T08:53:46.000000+00:00\nLast Submission:2025-08-03T08:53:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546129",
        "uuid": "fc0a1d49-353d-4e47-b0d6-231b86d0c218",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546128",
            "to_ids": true,
            "type": "md5",
            "uuid": "1cde67c9-65ab-4e02-a7be-a5119e6ab710",
            "value": "4fc8c78516a8c2130286429686e200ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546128",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ab464dba-a8de-454e-ab1b-99d5a3147918",
            "value": "38a03f625cd9de3086a7ea6759c0b46115a0525b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546129",
            "to_ids": true,
            "type": "sha256",
            "uuid": "798c8d63-1d46-4356-a7a9-6fe0a74d0487",
            "value": "d8f9f8bc811f428dd9605000470c5f496f46145e2d3d8b7e750bca901e55fcdd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205277",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1073ad37-1637-48e3-98aa-aa5f1ed4473c",
            "value": "6144:pwBLIXz2AZC9XsU0ROQttbS7PFF4Sjg4YqFQBOZCNoacYGDyKys+HDftfcXCTj5O:pZZ2sU0QUtbS7PDzfzENoacAsAGfDz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205277",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b4c3718d-aa30-4e5a-bdee-abb7a1e69abc",
            "value": "473400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205277",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dd41b479-b341-4996-a25b-97b592a8d71c",
            "value": "045066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205277",
            "to_ids": true,
            "type": "filename",
            "uuid": "24e576f4-2cb3-4332-a4c7-80f6c3b28911",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205277",
            "to_ids": false,
            "type": "text",
            "uuid": "36803b5d-ba37-42bd-9386-4940c4df4fb2",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:49/70\nFirst Submission:2026-02-02T08:33:18.000000+00:00\nLast Submission:2026-02-04T10:15:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546131",
        "uuid": "bc81f01b-79cf-48d2-ae36-1af64ef70f15",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546131",
            "to_ids": true,
            "type": "md5",
            "uuid": "e22a0359-5030-46f5-98d7-4edea3fb88d7",
            "value": "5390e8bf7131caaaa98a5dd63e27b2bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546131",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5325b260-3cc2-42c4-a41c-2018992a6479",
            "value": "d9d6d5b8ca2d60edf5f2c0a9a90a5e24102b7c95",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546131",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7fb1d8fd-c88e-476e-b444-7761601e8614",
            "value": "e18e699d1e3f53632cd978dbe1331815cc2255e3a03a8f1717f2457c77b82ec2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205299",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2efd69ca-8e84-4869-9f66-e25ef39c0616",
            "value": "6144:xoA2ym/N2E19VHsgKQ9JRol3cwWC05cqsYgtuRjb4g/TQ3RGGKOBHsMOr4TaSes:x89/KWe05cUK6V/TQ3DsfzNs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205299",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "76c449a2-e18f-4267-9fac-993b75975131",
            "value": "594360"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205299",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4202baf7-a851-405c-bdc0-53bc9c234576",
            "value": "055066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205299",
            "to_ids": true,
            "type": "filename",
            "uuid": "87176d84-090d-4c49-ad18-4d02f2c6f2f9",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205299",
            "to_ids": false,
            "type": "text",
            "uuid": "0999160f-918c-4697-9e58-ac0c3c2b195f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:27/70\nFirst Submission:2026-01-30T01:43:04.000000+00:00\nLast Submission:2026-02-02T21:42:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546134",
        "uuid": "209caae7-69a2-4c41-ada0-1cefccd7a003",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546133",
            "to_ids": true,
            "type": "md5",
            "uuid": "1cf26ce6-a249-41d8-af1b-3695ce38b7e8",
            "value": "53b68ca8d7a54c15700cf9500ae4a4e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546134",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5a5b0dff-8708-4ddb-9ee2-8d2546f53528",
            "value": "479717a1f225e59c68fcad463fabf539d7a6f173",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546134",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e4b69f5c-7405-41e4-92fb-73155763cd73",
            "value": "34f210232c3c3edca2630c70f86839244d7989c0b556cf93471dc7f480aed7aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205321",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "152fe9d6-3a6b-43b3-99a5-f37303f870ac",
            "value": "12288:nY3QJJsVtXSbSnZhD3fSoADOskul2bcz7uV3:nYAJOh+Yx6DOsPwkuV3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205321",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0bf3a522-c30d-4c9b-8026-3dda0e54a952",
            "value": "397616"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205321",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8fabcbf1-fddd-4cdb-930e-a06dd6362b89",
            "value": "035066655d1d05756058z613z3hzafz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205321",
            "to_ids": true,
            "type": "filename",
            "uuid": "d17640d5-2894-450b-b59c-1d5e6ba8c926",
            "value": "3f45d8.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205321",
            "to_ids": false,
            "type": "text",
            "uuid": "3e92af11-ad30-4695-bc70-3877b3537f46",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:51/70\nFirst Submission:2026-01-07T05:29:37.000000+00:00\nLast Submission:2026-01-08T02:20:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546137",
        "uuid": "2334c64c-836e-45d2-a627-b58f60a16a6c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546136",
            "to_ids": true,
            "type": "md5",
            "uuid": "75616229-b444-4247-bcfb-eb0ae4a5ab6c",
            "value": "5b998a5bc5ad1c550564294034d4a62c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546136",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5d543165-e48a-41c2-b3d5-096f594c4b2a",
            "value": "f316cbc5c78f0ab41d07379ce143ad11eaad4590",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546137",
            "to_ids": true,
            "type": "sha256",
            "uuid": "da6563db-6032-49bd-8399-2e602165dc40",
            "value": "357567196276b19341224c1cb6c673aaa98fa35bc040d2a0b6f3cc9ef5bf88d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205342",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3a1a05c0-5d28-4e2f-9a98-bdf99c9719d8",
            "value": "6144:iF2dCXeK+vNEKo4SSIrvbhHNtqbzOCIcMw4V:iF2dbI3hiTM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205342",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0c9a75b4-9aa2-4bd1-a24c-4e1b5abcd797",
            "value": "202752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205342",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fbbee4fe-1e50-4331-be75-4f28bca225ca",
            "value": "125066655d1555151bzf?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205342",
            "to_ids": true,
            "type": "filename",
            "uuid": "431addf2-abf5-4cab-8031-65844fd0be53",
            "value": "appclient.cp310-win_amd64.pyd"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205342",
            "to_ids": false,
            "type": "text",
            "uuid": "4c21f5ff-e775-400a-aff9-95e2171c847d",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:27/70\nFirst Submission:2024-12-19T19:31:11.000000+00:00\nLast Submission:2024-12-19T19:31:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546139",
        "uuid": "bbf288c8-6f2e-4ac8-a08a-bb678c3e015c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546138",
            "to_ids": true,
            "type": "md5",
            "uuid": "6b73d7f9-c282-4d22-bbd4-3cef079bf5e9",
            "value": "5ed84b2099e220d645934e1fd552ae3a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546139",
            "to_ids": true,
            "type": "sha1",
            "uuid": "49e88f77-0384-4dba-8e10-6214523ce751",
            "value": "2c2ebe8f78f1a4143e6a125adb7a4efd2aebc275",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546139",
            "to_ids": true,
            "type": "sha256",
            "uuid": "89197478-2ebc-4cdd-97e5-f9733d8ef049",
            "value": "a553833771f3e75ec3132f1295284e0e885e048b288f37ff8546677e5cb42f2f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205364",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4aedd2f8-3ef6-44d7-a554-6869860e4d7f",
            "value": "6144:txXItz908ugq7ydSnX3JqgiL3YZVVsDUxdOhL2exzsDlfjgd:t9ItfNQydSnX0JImDUxdqsZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205364",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "00da1b6e-06d3-4fde-8566-d6508e4bd84e",
            "value": "465864"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205364",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1ce72e24-415a-4b73-a65f-5d60c98c667f",
            "value": "045066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205364",
            "to_ids": true,
            "type": "filename",
            "uuid": "15de7957-f5ee-4ce9-bbc5-f09e43a4fdda",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205364",
            "to_ids": false,
            "type": "text",
            "uuid": "6a7cfa4e-b9f1-4fa5-9ee1-8bb9cbdf46b9",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:48/70\nFirst Submission:2026-02-02T05:01:32.000000+00:00\nLast Submission:2026-02-02T22:04:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546142",
        "uuid": "fac52efa-26ec-4c47-8f06-098b24a66aca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546141",
            "to_ids": true,
            "type": "md5",
            "uuid": "3228aef9-56f2-4bd7-8714-619130da145a",
            "value": "6495c409b59deb72cfcb2b2da983b3bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546141",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ac4405b1-1654-4d1c-8e5b-ce11c1933779",
            "value": "3f2cf94544a3cf1027bff747deb355f5635a0651",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546142",
            "to_ids": true,
            "type": "sha256",
            "uuid": "276bbace-2e2b-4bd0-9ead-234a1efaa1c0",
            "value": "6463232ba7353e333fa0a19673ce71bb366d8001b3cbb87170da3fb39fc1767a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205386",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3d5bb486-654c-469e-9f3e-8bce7a471324",
            "value": "6144:4R88s9CP6cdxDG/GHpNflKrtu5b0EcxxtKzexpplA9+cxE:4m8uczDGoNIQ0EcRKzeTplGFC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205386",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "91ccc86f-1a02-4bea-b94b-f593a8a2a542",
            "value": "255772"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205386",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e2e87fee-b644-42c2-93bc-e1fca043c060",
            "value": "65df5e475a48a5a9b92d98c0adc87e73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205386",
            "to_ids": true,
            "type": "filename",
            "uuid": "47ea144e-5b6b-4447-ae4c-5f6f4e18a812",
            "value": "CBDT.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205386",
            "to_ids": false,
            "type": "text",
            "uuid": "2d658116-7c6a-4f9c-aabc-41a916556f7b",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:27/66\nFirst Submission:2025-12-19T10:21:43.000000+00:00\nLast Submission:2025-12-23T12:17:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546144",
        "uuid": "2defcbad-ea22-4214-8b7e-8c9049f99fd4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546144",
            "to_ids": true,
            "type": "md5",
            "uuid": "b33eeea7-bbb3-4fd9-a896-1d8c72755cd5",
            "value": "6cf382d3a0eae57b8baaa263e4ed8d00",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546144",
            "to_ids": true,
            "type": "sha1",
            "uuid": "24a4f7f6-f8d1-458c-af14-a9ec90a9c32e",
            "value": "4f3cd4f2e23f0ee36aff9a0e5c6ac249752f6844",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546144",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c8b67df2-4ba8-40b8-be06-f877ae55724e",
            "value": "06036d8f881541999541dab9fb808df1011432592e79677100cee5a7f1ddd2ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205429",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "028629a5-fbf8-4495-a188-c763694e6a64",
            "value": "1536:FrX4tpfcUjrwLxZYE8ksunc/1qJiq3OOuISN99pLjziriUrjY/nnOIFeu1ifY1:tX47fcIrwR8ksunm10XenLEiUre1r1+i"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205429",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "044842e8-c00b-463d-9945-1ebb9a7878f4",
            "value": "305402"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205429",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2f68c302-1c02-408c-b50f-96201a7fff61",
            "value": "035056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205429",
            "to_ids": true,
            "type": "filename",
            "uuid": "f38d5cdb-4dda-4f55-bbcd-a479544a0331",
            "value": "MCA-Ministry.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205429",
            "to_ids": false,
            "type": "text",
            "uuid": "7ca89b42-9f3d-4237-a0c8-810aa40603c9",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:31/70\nFirst Submission:2025-08-26T05:40:12.000000+00:00\nLast Submission:2025-09-15T05:54:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546147",
        "uuid": "fe0cddf6-fb7a-4394-9cdb-b96c858a2e4c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546146",
            "to_ids": true,
            "type": "md5",
            "uuid": "541d932b-d80f-40c0-a1ce-04868aac08b5",
            "value": "7f27818e4244310a645984ccc41ea818",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546147",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cbe599a6-9168-48e7-8589-9c106eab5b70",
            "value": "7d8c4ebbdae78fc437fff48da736e38243c279d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546147",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5dca3d7f-4a36-4d16-ae6b-fc287cea0904",
            "value": "c9f15cf5a64fb7ad5791bec6c2cfe0dd5341ae08dcbac0ef67e1044254da4af1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205472",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "438a44dd-36c5-4723-a949-c2c843e0818c",
            "value": "6144:sOEaDZc97R8aW6uCoX6hKHVSglMSmx5kPhsCHLJDeYe46+s10v5/Xao1vz:sMuI6uCoX6EcKY+hsCHLJBsGvh5z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205472",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ad21a2ef-2156-45c7-ae70-b4a41010fd9d",
            "value": "461112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205472",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1706bfed-f9f9-487c-b297-1c5e38addfa2",
            "value": "045066655d1d05156018z5e3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205472",
            "to_ids": true,
            "type": "filename",
            "uuid": "e745a822-7755-467c-bb13-a42f2ae9c7ec",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205472",
            "to_ids": false,
            "type": "text",
            "uuid": "8a4f556f-83e1-4e14-8b4f-6928cf769136",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:48/70\nFirst Submission:2026-01-26T07:31:33.000000+00:00\nLast Submission:2026-05-01T03:46:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546150",
        "uuid": "7eedc51b-28b5-42c5-b5c5-4ae249b4ff6f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546149",
            "to_ids": true,
            "type": "md5",
            "uuid": "eca0b667-40e2-4c96-bbb1-434127299c53",
            "value": "814032eec3bc31643f8faa4234d0e049",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546149",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1868b583-4f26-40e8-9450-86d9cbde12ae",
            "value": "8459b72eb99e73ab12b1b84800dd54dd9a78aa37",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546150",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9c39a67e-7f9e-45f0-a610-53eae8c1b4aa",
            "value": "e221758a07073b67097b034d51cde9c37a136cd220fde4c586bad52c39b9f0ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205494",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "124d5484-ef1d-490e-8bc2-309be8e9cd40",
            "value": "6144:rjclUpuJr5Hx05pnYtA4kr/Nco4Z7a5ELFvEZgFeXzCQPL6DZrFg+cxt:vIUpu15HxO9Ya7rGg5gFTeXzvLAKF3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205494",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "07247dff-916b-447b-b2ac-677892ebe15f",
            "value": "278209"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205494",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a2743da6-9f5d-438d-bd8c-032a8722530e",
            "value": "65df5e475a48a5a9b92d98c0adc87e73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205494",
            "to_ids": true,
            "type": "filename",
            "uuid": "1f663c13-eb1c-4cb4-a44d-0f3add160836",
            "value": "December Statement.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205494",
            "to_ids": false,
            "type": "text",
            "uuid": "23493d6b-7df6-4be8-a934-6d0b9b03657b",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:23/66\nFirst Submission:2025-12-31T10:28:13.000000+00:00\nLast Submission:2026-01-02T13:44:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546153",
        "uuid": "7775e962-128c-40d0-9f4a-a98d38b4efed",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546152",
            "to_ids": true,
            "type": "md5",
            "uuid": "70950a9b-4d88-47e7-982e-a10292f8d9ba",
            "value": "891de2ff486a1824f2db01c1bdf1d2e9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546152",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b74e7dc8-5b73-4506-8e0b-392df33107c1",
            "value": "a6f698cbd0f5dab7b22e42009ff9616c8ed308da",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546153",
            "to_ids": true,
            "type": "sha256",
            "uuid": "342effe6-1b21-4757-a226-64b2978caff9",
            "value": "cb382efe6249c62044144aaf20663881b12a8813c0de80a4c90b46ad54d93007",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205537",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1fe6248e-5060-4af4-9aa3-529cb0015ce8",
            "value": "6144:dvItDKQix9MPp53DgVdf6+jlgdrn85lDmnQMcxCtgcaheszsBORwfes:dfj+XgVdf6Sm6DmnQfcahCBORw2s"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205537",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "aed1206b-2791-469c-aed7-5f47c50c0b3c",
            "value": "498104"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205537",
            "to_ids": true,
            "type": "vhash",
            "uuid": "13c41f91-057a-43a3-a9fb-92a7f1cd2668",
            "value": "045066655d1d05556018z5b3z2@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205537",
            "to_ids": true,
            "type": "filename",
            "uuid": "d96a8d04-1864-4786-955f-64b45ff75f96",
            "value": "ExtractFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205537",
            "to_ids": false,
            "type": "text",
            "uuid": "2502bd3c-67d5-4bb1-8a97-25d6bfbf8b79",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/70\nFirst Submission:2025-12-29T08:09:12.000000+00:00\nLast Submission:2026-01-05T05:42:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546155",
        "uuid": "cc2b0a67-6cbd-4302-87d8-4fe28a347d12",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546155",
            "to_ids": true,
            "type": "md5",
            "uuid": "1ac572ac-9a94-47a4-9af0-b092b195bf22",
            "value": "8ac5bee89436b29f9817e434507fef55",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546155",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7f7a8dc1-6dc7-479d-bd84-6d19d00b6196",
            "value": "34d792d07092d963375e336869c9f40296858345",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546155",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8ca3211c-83f3-41f4-8ca3-8fd947b4c0e8",
            "value": "0cffb8b8fd11f300b5477ff23ec576f66ab65c021d995fa5495827237e679d93",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205559",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "122c2293-78ee-48e3-8ed3-d0583508f3e3",
            "value": "6144:+tRtH9oZlF+VPD8HRgy+nt8+ngfiKsN2AiaueekK6WshCHf0fTnuV3:yv+QVPDkhsswN2AiaufsJbuV3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205559",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8e822426-fd0b-4c5b-9a66-6e0d86659882",
            "value": "460080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205559",
            "to_ids": true,
            "type": "vhash",
            "uuid": "57fff776-e518-4c21-815d-6fee2c375b4c",
            "value": "045066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205559",
            "to_ids": true,
            "type": "filename",
            "uuid": "a979c9ad-5f01-431e-b5fc-7b45c055634d",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205559",
            "to_ids": false,
            "type": "text",
            "uuid": "2d630200-2922-4715-ba34-f6f09691a79a",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:50/70\nFirst Submission:2026-01-30T14:36:59.000000+00:00\nLast Submission:2026-02-01T11:13:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546158",
        "uuid": "d08d8c28-aac2-4b3c-b48a-43342c817964",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546157",
            "to_ids": true,
            "type": "md5",
            "uuid": "e9a55f6e-2d8e-40ad-a2c6-8eec3544c356",
            "value": "90257aa1e7c9118055c09d4a978d4bee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546158",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e58737e0-92ee-4991-8747-93cf233e9cb3",
            "value": "f55ee364347a67b1452bf5ec228932737f5a992f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546158",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f3a60b70-e4ce-4946-8ed2-8a3c6dcaa667",
            "value": "838ca977af4ac18fab22de8b781604eb7bb63d758d457d9a0819ecf6dc0f756d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205580",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "28bfb2be-ebee-4837-81c6-2b97211a5f84",
            "value": "6144:+jclUpuJr5Hx05pnYtA4kr/Nco4Z7a5ELFvEZgFeXzCQPL6DZrFg+cxN:2IUpu15HxO9Ya7rGg5gFTeXzvLAKFf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205580",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2962759b-540a-411f-8c5b-78365d9c6b67",
            "value": "278225"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205580",
            "to_ids": true,
            "type": "vhash",
            "uuid": "05f9ad3c-121e-456b-8f3c-6dc80c19b62d",
            "value": "65df5e475a48a5a9b92d98c0adc87e73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205580",
            "to_ids": true,
            "type": "filename",
            "uuid": "b9b694d6-44ce-49b8-967a-21a9b2565ac2",
            "value": "December Statement (3).zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205580",
            "to_ids": false,
            "type": "text",
            "uuid": "8aa20ff7-50b2-4089-8e9e-d2ed4be014c1",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:27/66\nFirst Submission:2026-01-06T09:32:19.000000+00:00\nLast Submission:2026-01-06T16:27:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546161",
        "uuid": "eea37047-ed27-4f14-9dec-ccb52c62664a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546160",
            "to_ids": true,
            "type": "md5",
            "uuid": "f1de890d-0fc3-41bd-a161-d4d6622e878c",
            "value": "933f1cb8ed2ced5d0dd2877c5ea374e8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546160",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9dd279cc-b824-4540-8c95-c0ee94519d7b",
            "value": "00057761e6052cbd7d413a39db8a7480d70b202e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546161",
            "to_ids": true,
            "type": "sha256",
            "uuid": "374e0efe-dc75-475e-be75-0ad71b689ee5",
            "value": "f9de109396ce5d2a87b475641f81451b2d1e718252ae57ac4a378a517c56dd89",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205603",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9e91853c-0025-40f5-a51c-9adb490bc676",
            "value": "6144:4scB+9vJ/19VxcHlt1gU6gGO+XKeJKePjYKK29o8tfeYP6zs5yUgTNmes:ZaGnxcHlt1clJceLK29o8taskxBs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205603",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0c84ce42-a8cc-4a35-a506-97e20768b17f",
            "value": "462264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205603",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ae2da901-51e8-4938-9a73-eb45d8c1dc67",
            "value": "045066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205603",
            "to_ids": true,
            "type": "filename",
            "uuid": "392ffd7b-8109-400f-825e-1e36b407f586",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205603",
            "to_ids": false,
            "type": "text",
            "uuid": "6b46498d-a780-4553-be4c-93ffb51ff46b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:46/70\nFirst Submission:2026-02-03T05:35:25.000000+00:00\nLast Submission:2026-03-23T12:26:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546163",
        "uuid": "12ce464a-0bba-4a17-b0c7-efb0d61672b6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546162",
            "to_ids": true,
            "type": "md5",
            "uuid": "bc9d56f9-1725-4ada-b14a-719f4d34fbe2",
            "value": "9bf9f635019494c4b70fb0a7c0fb53e4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546163",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7074062f-a883-47d1-b0bd-a5f8df2c0c4a",
            "value": "b1d85bce50e7dde49535e653b8dd1f4b2e400ed0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546163",
            "to_ids": true,
            "type": "sha256",
            "uuid": "56a37e24-16aa-434b-9128-3f714e7c0b50",
            "value": "695e4d107becf0cf91e7e5cb1c3039a326e15e7428101e3a697a7be98629766a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205625",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "701801f1-e357-4dec-8e7b-04625efdac79",
            "value": "12288:LfDgeCkAVTGav9EP7wjOjasWBeamChry8+3gUCu:LfDgedOqP7dWsamChryDx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205625",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b7a87219-ea35-4e82-abb4-1655942e5c8f",
            "value": "799232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205625",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e883fd5c-597d-491f-8525-837a5680cfbe",
            "value": "175066655d1555155bzf?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205625",
            "to_ids": true,
            "type": "filename",
            "uuid": "235591c6-52fc-4ed2-8364-23e68afb7530",
            "value": "core.cp310-win_amd64.pyd"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205625",
            "to_ids": false,
            "type": "text",
            "uuid": "e5a42cd1-3d41-462f-8574-3d1c7047e33a",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:32/70\nFirst Submission:2025-07-15T09:20:29.000000+00:00\nLast Submission:2025-07-15T09:20:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546166",
        "uuid": "784be70a-b5a5-4b9b-a374-879560c8b111",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546165",
            "to_ids": true,
            "type": "md5",
            "uuid": "2e9cd500-09a6-4d47-a174-7787f13a7130",
            "value": "a234850dfdfd7ee128f648f9750dd2c4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546165",
            "to_ids": true,
            "type": "sha1",
            "uuid": "15b6af33-9360-4626-9010-361e6f50b1f6",
            "value": "0ac6b8a5f0572b82f6483f2dff2d1535e3da55f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546166",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d37424e6-1fae-49b8-a988-fea7a549998c",
            "value": "56366c635d7b2ae88e8c8e9511f0c12e1cf1173b8be8c8f211b38a26d3a21e1c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205647",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "af36fab2-673c-45c3-9f58-966d121dc317",
            "value": "6144:ZxAPw9QXSXZxh4Ce8goCfzUIe6X4Qb+5dM+ch+MBt1o0cMlYbc5/3es:ZxQzCXZxh4WTQz3X4QbIJUl2bcss"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205647",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3fe1137c-3baa-4379-8817-17d7c760bcea",
            "value": "352184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205647",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a5f68bd4-9458-4ed1-a62f-8b45f5064771",
            "value": "035066655d1d05756018z5b3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205647",
            "to_ids": true,
            "type": "filename",
            "uuid": "0d671099-7cc3-419a-9c56-ec1e15994299",
            "value": "Open the file.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205647",
            "to_ids": false,
            "type": "text",
            "uuid": "488e9152-e464-43c7-b0d2-6e796c090b46",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:44/70\nFirst Submission:2025-12-24T05:41:46.000000+00:00\nLast Submission:2025-12-24T05:41:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546167",
        "uuid": "78940b45-c443-4622-b868-d2d8035fd73f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546167",
            "to_ids": true,
            "type": "md5",
            "uuid": "aacb5f4f-3ebd-4917-bee0-7a640f28e9eb",
            "value": "a543b96b0938de798dd4f683dd92a94a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546167",
            "to_ids": true,
            "type": "sha1",
            "uuid": "815d21c6-52d6-40b6-a81a-32268e73e5c6",
            "value": "f4d105f9565a8ee98e94d92e5a516e2f7b86e343",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546167",
            "to_ids": true,
            "type": "sha256",
            "uuid": "adbf5839-fe98-4049-9e7c-afe027ff5c34",
            "value": "e96091fd784eca3c56ce4a703b22f5e5941464aec32a6f356ad0f99ea4422f04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205669",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6830ebf5-6815-410e-b5f6-6d77f6d21211",
            "value": "12288:OySryZfz3iXNoW0wTIiO4nPbmEewWvjgNmNogNJUgQw:ODry93idd0v4eRBv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205669",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7a7cc996-5cfc-4c5c-9d1e-20279002c8e8",
            "value": "833024"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205669",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1e33f1df-9b16-4857-a9e5-36619367fc83",
            "value": "185066655d1555155bzf?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205669",
            "to_ids": true,
            "type": "filename",
            "uuid": "d73d2623-ea3d-4030-81e3-5da068bacb21",
            "value": "b31zs88t.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  08/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205669",
            "to_ids": false,
            "type": "text",
            "uuid": "5ffd8e1d-0ee0-4f42-b177-8e2e9654616b",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:34/71\nFirst Submission:2025-08-18T19:18:55.000000+00:00\nLast Submission:2025-08-18T19:18:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546170",
        "uuid": "a93e34c0-f0ca-41d9-bf47-1dc575ebc1ac",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546169",
            "to_ids": true,
            "type": "md5",
            "uuid": "88889cdf-6200-414d-831b-4cf8e3a4d26b",
            "value": "a75713f0310e74ffd24d91e5731c4d31",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546170",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6d1ed1f0-8693-49b7-97da-d97b4810bd9c",
            "value": "dfdac413be28af3f916dbba2e52320202edc6f98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546170",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c8658322-bf46-42bf-ba54-031f54e56dfe",
            "value": "854927d11112e9286ca4383720d033ae91aacdcd8b2845f216fe6a918fa2569c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205691",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dd868d0c-1182-4bc6-ba08-7c1b73ede212",
            "value": "6144:tGO9dG4gbKQN1ssqyVpMg9M0N0M6+UaiHT4NWYaelM6NsInjf7CCj:tGsG4NQfjqyAyZE+sHT4NWYlsKC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205691",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a69b7c24-1b24-4fb6-9dd9-b6f8a6d86fb6",
            "value": "455112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205691",
            "to_ids": true,
            "type": "vhash",
            "uuid": "646a2e60-be34-4fc5-a30d-859131030424",
            "value": "045066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205691",
            "to_ids": true,
            "type": "filename",
            "uuid": "d04477e6-babc-4ff9-b6eb-332d717a300a",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205691",
            "to_ids": false,
            "type": "text",
            "uuid": "cef54c9c-be3f-4827-a497-964d041ba921",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:46/70\nFirst Submission:2026-01-27T08:15:19.000000+00:00\nLast Submission:2026-01-29T12:43:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546173",
        "uuid": "e0d4d223-3e3f-4970-8484-0776f6b2a1a3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546172",
            "to_ids": true,
            "type": "md5",
            "uuid": "dcbc4b7e-9cdc-40d7-9dd7-938299fb4f74",
            "value": "ad39a5790b79178d02ac739099b8e1f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546172",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8b8548e9-5483-4396-a5c4-ae35cf485d36",
            "value": "b354b17d6a3a779b372866bbfe39bd9d9580b326",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546173",
            "to_ids": true,
            "type": "sha256",
            "uuid": "89979f04-43a6-4174-9c10-872ca9ec7f05",
            "value": "3205cfc4e241406113fbc196d9e2e8dcac880df4c11977ce7a91d7c0f04f5cb6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205713",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "31bcda70-ea44-4bcc-96ae-b249803f392f",
            "value": "6144:DSjJq2Lov98N+v2LmTZ/Bg4cWqYib8/pPzvx7HMcs6i5aFo0cMlYbc5VoBz:DSg2Lo6O2LmTTad8/5zDsml2bc4Bz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205713",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1e388b7d-09cb-4957-8b23-752a33129ce3",
            "value": "400184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205713",
            "to_ids": true,
            "type": "vhash",
            "uuid": "258ddbb4-5832-43a3-8fbc-79274268f6d8",
            "value": "045066655d1d05756058z613z3hzafz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205713",
            "to_ids": true,
            "type": "filename",
            "uuid": "08293128-64da-4d90-b124-386040b4edf1",
            "value": "Check statement.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205713",
            "to_ids": false,
            "type": "text",
            "uuid": "4a7ee1eb-3605-47d4-8bf1-7f3ba2cd4a3f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:50/70\nFirst Submission:2026-01-08T06:04:47.000000+00:00\nLast Submission:2026-05-07T12:21:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546175",
        "uuid": "69313172-d152-48d4-a91a-fa90d92aab7a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546175",
            "to_ids": true,
            "type": "md5",
            "uuid": "88d44efb-76ca-4359-8cea-47a305799d62",
            "value": "b23d302b7f23453c98c11ca7b2e4616e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546175",
            "to_ids": true,
            "type": "sha1",
            "uuid": "97e2cbe3-f26b-4bb4-b64c-9cb1019d96a0",
            "value": "f0325228cd189cb723d463e8cc3c1f1c5f1189b3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546175",
            "to_ids": true,
            "type": "sha256",
            "uuid": "33bf3a2c-34e9-428c-ae7e-f037967ecd47",
            "value": "43ecbd2dd6199a13ac1bef3a49af3c08593d50d7faf8e24df91c03ef8edf6ecd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205735",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ae1662ae-8ce0-4509-aa4d-3ab9793290cd",
            "value": "6144:n4Rl/97Wk5QQt5VFtrgxiPdu4xkwxuL2MLN7lJNiBoo0cMlYbc561Ues:nWllH5QQt5VDigBkwxuLnxYyl2bcI1zs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205735",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f1117123-5c6e-4bee-87a7-01b2ee736108",
            "value": "353208"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205735",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b76391cd-77c4-400d-a01b-fd709a01a2ac",
            "value": "035066655d1d05756018z5b3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205735",
            "to_ids": true,
            "type": "filename",
            "uuid": "5a894882-d501-4a7f-95b2-0b1e78fecc56",
            "value": "klik dan buka.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205735",
            "to_ids": false,
            "type": "text",
            "uuid": "29bfc01d-7876-4110-98db-20d6de8592a2",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:43/70\nFirst Submission:2025-12-23T11:54:41.000000+00:00\nLast Submission:2025-12-23T22:45:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546178",
        "uuid": "09502777-651c-4788-8988-90f4e9684f0a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546177",
            "to_ids": true,
            "type": "md5",
            "uuid": "368e053c-10e7-4fb9-93b1-41f50a20ef9c",
            "value": "b500e0a8c87dffe6f20c6e067b51afbf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546177",
            "to_ids": true,
            "type": "sha1",
            "uuid": "361e2418-2197-41a6-ad7a-d2d3bda0f073",
            "value": "186ce18766daf6e7e09cd52575aa971beb2dbc6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546178",
            "to_ids": true,
            "type": "sha256",
            "uuid": "54c73f49-d125-4d0a-bf77-462e9ea97556",
            "value": "ac4c066b9687ba5ef66a9e2590094b84ad4075711decacfabd582993c8e6eb02",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205757",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b4c727c-1573-405e-8085-b261e3e7ba8b",
            "value": "6144:mR88s9CP6cdxDG/GHpNflKrtu5b0EcxxtKzexpplA9+cx0:mm8uczDGoNIQ0EcRKzeTplGF2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205757",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ec5f712e-318c-4e33-9667-7f9e56b8dcbf",
            "value": "255762"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205757",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1bbdd789-3587-4621-a4be-126dce60028e",
            "value": "65df5e475a48a5a9b92d98c0adc87e73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205757",
            "to_ids": true,
            "type": "filename",
            "uuid": "1408d6df-5e2b-4855-9393-e1d998c8422e",
            "value": "November Statement.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205757",
            "to_ids": false,
            "type": "text",
            "uuid": "4379ff48-2359-4fd6-93bd-13ac50375a97",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:26/66\nFirst Submission:2025-12-18T11:03:10.000000+00:00\nLast Submission:2026-01-13T13:32:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546181",
        "uuid": "140d1ad6-1dce-4838-93d9-d9d774a19aa4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546180",
            "to_ids": true,
            "type": "md5",
            "uuid": "6a6a8e3d-2f5c-45c6-9f9d-d4f048292537",
            "value": "b53e3cc11947e5645dfbb19934b69833",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546180",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b94cfa3d-6aa2-4b1e-8a0b-4051576385cb",
            "value": "6ab423cbbe36aa01845e99e35ede330c20aba71e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546181",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f674ba22-ec68-42a6-83d8-017055096ce8",
            "value": "ce7c7339e1572369c881803d462bd63d8f6e31f054f7bf86d93ce36db7842f19",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205778",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b1520588-0e87-4b2c-811c-26c0bc89585e",
            "value": "1536:dXZs9dt3IUsDS1BajgS/NV0rvOIqyW8pRGO7nSpaw+zLjpj1ATcmkiChL0:dS/FIUQKOgdqyWOQO7nSpaHzpj0cmkhA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205778",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7f487e51-ff5f-4032-956d-09252572377a",
            "value": "95375"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205778",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1bf41653-cab2-4bc0-a7ae-748cd62c2c65",
            "value": "55dcf0902daa3da70ff72e0f83c460ee"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205778",
            "to_ids": true,
            "type": "filename",
            "uuid": "9b9cf4b4-a19e-479c-8adc-c30094532f7a",
            "value": "run.deobfuscated.obf.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205778",
            "to_ids": false,
            "type": "text",
            "uuid": "a833536c-5ec2-4287-aabc-ab20e1d71308",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:21/60\nFirst Submission:2026-01-02T07:27:33.000000+00:00\nLast Submission:2026-04-30T18:37:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546183",
        "uuid": "2995a471-3d98-49b2-8ee5-6f0a974db11d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546183",
            "to_ids": true,
            "type": "md5",
            "uuid": "26aa3ba8-4df3-4557-a896-a96bb8008474",
            "value": "b5ca812843570dcf8e7f35cacab36d4a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546183",
            "to_ids": true,
            "type": "sha1",
            "uuid": "976d8a53-fb48-43d9-8270-c7ab72042115",
            "value": "b15b4544dd007b81c41a2fa4ea3099af0591917f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546183",
            "to_ids": true,
            "type": "sha256",
            "uuid": "af730266-6e24-4f78-acf4-fd5e2a479b5a",
            "value": "567479868057068be44a51a6126c090203a3244d3ea3a8bf7d7e2582213c649d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205800",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4517be3a-aef1-4c91-bcea-cb27fd70c562",
            "value": "6144:kyohAm9e9LgPfuDAqwNxnwgRG4zx3MVq/UB9kuZ5mBB6KsOt+z:kyohAfaPGMqwNKmfSVq/UB9kuZAs3z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205800",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1fd9ebe0-008f-40c9-93c4-e6ec91c55298",
            "value": "470328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205800",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dcfdce2e-bca9-4f60-8628-8ea17edf0473",
            "value": "045066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205800",
            "to_ids": true,
            "type": "filename",
            "uuid": "f7d0c366-ab89-4353-b20b-af624129aa01",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205800",
            "to_ids": false,
            "type": "text",
            "uuid": "f84f1e84-5994-45bd-b112-b3b838bcbde7",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:51/70\nFirst Submission:2026-02-03T07:31:01.000000+00:00\nLast Submission:2026-02-03T12:38:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546186",
        "uuid": "f310b23e-4279-48a8-9637-5ee5dfd90d35",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546185",
            "to_ids": true,
            "type": "md5",
            "uuid": "b14fd86f-7608-4c62-9bfa-ad1b18010d3e",
            "value": "b6df7c59756ab655ca752b8a1b20cffa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546186",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8da75aff-60ba-41e6-9739-8ddc8ca19fa4",
            "value": "9430268294443d89d5374e6a7e87ea7889c19aab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546186",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d0e4d846-9e16-46f0-afca-c78269e5fa56",
            "value": "0a78e509519fc168873fda0ef1a7cf51447e5c5843740515a029455e60296c68",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205822",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5de1cd58-f44c-4b76-99ba-a1ae6ab96854",
            "value": "6144:phOhQ9jg6yZXSStaPzgUDm7SvLPmlQ0O1/OV3eL96NysB90otes:POh4uRSSt0Li8d0O1/OVTysss"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205822",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5773df7d-b2b5-42dc-9c83-525b4c3e591f",
            "value": "459704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205822",
            "to_ids": true,
            "type": "vhash",
            "uuid": "559ecb0b-f65d-4743-82bf-e0cd027c189c",
            "value": "045066655d1d05156018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205822",
            "to_ids": true,
            "type": "filename",
            "uuid": "3478b82e-a0f4-41a5-bd56-5fcdab8788b3",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205822",
            "to_ids": false,
            "type": "text",
            "uuid": "906974db-404b-4db2-b63b-f10b226bbb73",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:44/70\nFirst Submission:2026-01-26T06:52:40.000000+00:00\nLast Submission:2026-02-06T12:29:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546189",
        "uuid": "31abcc1f-df9f-4190-bf30-3971e17a163d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546188",
            "to_ids": true,
            "type": "md5",
            "uuid": "38c799e1-1d7f-4ba0-8822-9ae5d9640669",
            "value": "c50c980d3f4b7ed970f083b0d37a6a6a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546188",
            "to_ids": true,
            "type": "sha1",
            "uuid": "53235f2e-5f20-4cdd-beaf-8831247d00f9",
            "value": "abff44f5b847848ad53eea438de65d5e9da54f3e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546189",
            "to_ids": true,
            "type": "sha256",
            "uuid": "801ee078-bd21-4a27-9cc7-c188b2a41965",
            "value": "f288aac16f9593802e76e0eaae777f36860fe4ef13c22cbedbe46d355b7682e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205844",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cc6706c1-f941-46f8-bce3-75c75338c85b",
            "value": "6144:QfA5xcz+F7lofVqD87xhwNPx/YUAmwGI+Z5+PLL5mjTRiNFHLsO+XHOwNkThvxPO:fcfgpPxHU+Z5CyidLQrNk1ZbYs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205844",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0132a383-d2d6-4a40-9f00-bc9f4343eeb3",
            "value": "588800"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205844",
            "to_ids": true,
            "type": "vhash",
            "uuid": "10729cd5-40ff-4ef2-8958-4106328a278a",
            "value": "155066655d1555155bzf?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205844",
            "to_ids": true,
            "type": "filename",
            "uuid": "f956173d-bf2a-4de5-82db-3ecc887ce24c",
            "value": "core.cp310-win_amd64.pyd"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205844",
            "to_ids": false,
            "type": "text",
            "uuid": "828437c3-9f79-4016-8337-11a78405ed5b",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:33/70\nFirst Submission:2025-03-07T08:08:11.000000+00:00\nLast Submission:2025-03-07T08:08:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546191",
        "uuid": "77fb4cf2-346a-4c4b-989c-0c826dde43aa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546191",
            "to_ids": true,
            "type": "md5",
            "uuid": "d3751ac6-0384-4e6a-85b6-d4414709c610",
            "value": "cb3d86e3ec2736ee1c883706fca172f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546191",
            "to_ids": true,
            "type": "sha1",
            "uuid": "55ddc2b7-c8c1-4d9e-a401-027cac2a27f8",
            "value": "c83e7f1e802b3b8264e2295ad6e78f3a29f09985",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546191",
            "to_ids": true,
            "type": "sha256",
            "uuid": "231c2882-e5d5-43e3-a87f-8d3b17a69c90",
            "value": "e23f421b925fa4afcea741aafb15099dd3ca8c2ae93e0c0a75fa689f9cb97279",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205865",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f8e071b1-84a5-44e7-875d-46ed9a106fb9",
            "value": "6144:nGcuQbK9dJ1tHlNXeV70MjFSWgVkJcDqgNoW62weLLKzsR5SP4es:nGLQbqPXeN0MjJ+g2NoW62ssa3s"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205865",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "97035763-840d-4223-a3be-9ff1e267be41",
            "value": "463288"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205865",
            "to_ids": true,
            "type": "vhash",
            "uuid": "90d49e8b-48e2-4685-a0df-43856f3d7562",
            "value": "045066655d1d05156018z5e3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205865",
            "to_ids": true,
            "type": "filename",
            "uuid": "d60e7522-4b0d-406c-a0ea-7135a645fd3f",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205865",
            "to_ids": false,
            "type": "text",
            "uuid": "5bbd6476-d3aa-475f-8a27-b8b30b7a0949",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:40/70\nFirst Submission:2026-01-19T11:39:13.000000+00:00\nLast Submission:2026-01-26T12:03:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546194",
        "uuid": "2b7710bf-bd33-4e4c-808d-d69ccf0d5dce",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546193",
            "to_ids": true,
            "type": "md5",
            "uuid": "5dfeffd3-08c1-4da9-9ad6-6a2db3d635d2",
            "value": "d17caf6f5d6ba3393a3a865d1c43c3d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546194",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c6e1df11-bd7a-4f0d-98cb-c136de8f836c",
            "value": "ff11e3d444f569ad9d8303111399da45fc1c65e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546194",
            "to_ids": true,
            "type": "sha256",
            "uuid": "98c7e7f9-95b9-4480-b585-18799e8d0bde",
            "value": "3cdd228f94ae416a09ee1f3556220e58a19efc28976ee699f96e0fd09d6ac3f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205887",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "47bf534b-0e55-4679-9897-67d87ad29ce3",
            "value": "1536:FrX4tpfcUjrwLxZYE8ksunc/1qJiq3OOuISN99p/5niz8o7UfycKB:tX47fcIrwR8ksunm10Xen/5n2UlKB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205887",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ee482c96-dec2-420c-86f5-387fb96c841b",
            "value": "305191"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205887",
            "to_ids": true,
            "type": "vhash",
            "uuid": "988fc2a8-d01d-45c4-bb34-5a762dcb76ae",
            "value": "035056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205887",
            "to_ids": true,
            "type": "filename",
            "uuid": "54affbf8-65ac-4354-9cc5-d663d9a2211e",
            "value": "qv38ffp43.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205887",
            "to_ids": false,
            "type": "text",
            "uuid": "ec1c8c92-21a0-406f-a8c0-5e09aff0828b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:29/70\nFirst Submission:2025-08-25T13:05:01.000000+00:00\nLast Submission:2025-08-25T13:05:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546197",
        "uuid": "a5c71fd8-8b2d-448c-af02-52f528936e97",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546196",
            "to_ids": true,
            "type": "md5",
            "uuid": "b62a4080-c93f-4399-91ed-db3e30541f9f",
            "value": "de8f0008b15f2404f721f76fac34456a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546196",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b1b24289-a6b3-485d-93e3-b8b951c11556",
            "value": "12e41cc25fe8e99a0fca691fb88ed9823e989853",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546197",
            "to_ids": true,
            "type": "sha256",
            "uuid": "004480a4-e940-4b92-bfa8-d10fa0c015e2",
            "value": "ffaea868dc1d68211664133e3b69f7025f1406bd4647d77f3aee945d745ad4bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205909",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8ea1e421-c3d2-4832-b8eb-6839695724b9",
            "value": "12288:hY+nCXP+poq5dZHtnv4FpOlHLFkbjBsbOFBld8RIT++SI:hY+nCWqMPHJlrSJsiFB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205909",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8debe684-a48e-4112-bf5f-837047f50abc",
            "value": "757760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205909",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e0944e4b-fc11-413f-b152-e5268154cd93",
            "value": "175066655d1555155bzf?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205909",
            "to_ids": true,
            "type": "filename",
            "uuid": "a212ce78-3085-422b-9ac7-39222ccaa00e",
            "value": "core.cp310-win_amd64.pyd"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  08/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205909",
            "to_ids": false,
            "type": "text",
            "uuid": "5bf746ec-19cb-4826-b124-a6a849cbf979",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:35/71\nFirst Submission:2025-04-04T07:54:39.000000+00:00\nLast Submission:2025-04-04T07:54:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546199",
        "uuid": "801ff81c-2fc3-46cb-8a2b-bb84ba856d28",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546198",
            "to_ids": true,
            "type": "md5",
            "uuid": "2e518026-0d25-4c7e-b9a1-0bd9a8fc9da1",
            "value": "dfc64dd9d8f776ca5440c35fef5d406e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546199",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2c60ea97-78b3-45eb-b6e6-d9a36afae98c",
            "value": "83e31b85bbe0478a770094c5089ae4b2b9a71181",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546199",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b3b2e6fd-1b1f-4f04-93ad-3249404bc622",
            "value": "6b24783e395841f41e359a332c8ce55fb6cf27757ca03ddbfed9e411ef1070f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205931",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "862dc1e1-8362-4222-8aa0-c02f72d8b582",
            "value": "393216:mXV4L2tk4uG3JU43pdTefTxNejzPvEic3JsdsJfI7ZgpEecb8QYkbYtmvmtorm:mFn9ZZEfTTEPvEic3RfIdgp9TQDMwy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205931",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0dfd8274-28f2-4306-b13c-c1fe48344c42",
            "value": "24258072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205931",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8fdf8b95-cb44-4ae2-8249-fb4427779b06",
            "value": "027056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205931",
            "to_ids": true,
            "type": "filename",
            "uuid": "3cb1cef6-897a-48fa-a825-da995b62833c",
            "value": "2.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205931",
            "to_ids": false,
            "type": "text",
            "uuid": "c7fac1b7-47aa-4a8b-9a15-aa0d9b6196b5",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:24/70\nFirst Submission:2025-08-05T16:45:18.000000+00:00\nLast Submission:2026-05-02T00:32:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546202",
        "uuid": "f2401f70-3b91-4e91-978b-95ed4cf8c8af",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546201",
            "to_ids": true,
            "type": "md5",
            "uuid": "ccbdb7f6-8f7e-4951-bc04-c3f1c369de00",
            "value": "e5e8ef65b4d265bd5fb77fe165131c2f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546202",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c8592886-239a-4084-9508-bf39a03008ad",
            "value": "ca5c6fc9d9adc8e8edd474f601429764cc52d4b0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546202",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fa62c764-4166-49a7-8a22-67d6ddd352d1",
            "value": "285c764e84ca830d90e75df06ee5445693f79058142b85b5e054c5c78c0421aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205952",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5ac78efc-2dfe-4536-bcf1-a8175c81d6a6",
            "value": "6144:e+23mXdqZPNH2mQz19Wm3TrN3fN2FS2FggjYxyZGFlNDxgrDowAm+tQp7Jzlo0cT:e+23mXdqZPNH2mQzBN3fN2xLssQlNDxJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205952",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a3c02bee-081a-4d03-b3c6-0117f9f0580c",
            "value": "374200"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205952",
            "to_ids": true,
            "type": "vhash",
            "uuid": "da442609-bfc8-45cf-8b8c-5f7c75a0c516",
            "value": "035066655d1d05756018z5c3z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205952",
            "to_ids": true,
            "type": "filename",
            "uuid": "7a02d213-6b2d-4b27-9c71-b9a34496b6b9",
            "value": "Penality List.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205952",
            "to_ids": false,
            "type": "text",
            "uuid": "ee00f883-dce9-4449-901b-765a8af3d586",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Leonem!rfn\nVT Total Detection:53/71\nFirst Submission:2025-12-24T12:21:01.000000+00:00\nLast Submission:2026-04-17T11:27:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546205",
        "uuid": "7a1555a8-9361-44f3-990a-cfcc454522d2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546204",
            "to_ids": true,
            "type": "md5",
            "uuid": "854a3d6a-be6a-4832-a756-da6797f7e510",
            "value": "e6362a81991323e198a463a8ce255533",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546205",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a648d06-3781-40d5-a05d-aec3798bae38",
            "value": "5d3c7a9cac9e53c7ad163ac506d6b4199a10805c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546205",
            "to_ids": true,
            "type": "sha256",
            "uuid": "efad6638-0451-499a-af5b-68d51cfd8ac1",
            "value": "e8c2ffd603a13d9b3eb1909b3dfec032ce4f090b2a94198dda195be13d652cd2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205974",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ff904479-3fcf-4c8d-bab8-76ebb145b8f9",
            "value": "6144:plASbc9yIQS2y9JuTbknKgmSF/Q9KjAnMrt1eatVY9ejHt0oshZ2ctz:7Aq7StJuTbjtKzjbreatVYusNtz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205974",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "257c3d5e-3667-460c-903d-e04038c209aa",
            "value": "465720"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205974",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8399acd1-1899-4b88-920c-dc1eaec54f1c",
            "value": "045066655d1d05556018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205974",
            "to_ids": true,
            "type": "filename",
            "uuid": "4e419fe1-0258-4beb-878a-b8d011596b48",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205974",
            "to_ids": false,
            "type": "text",
            "uuid": "e69ba30d-7836-4f72-ad27-999430ae0ec7",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:50/71\nFirst Submission:2026-01-19T10:56:38.000000+00:00\nLast Submission:2026-01-21T11:31:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546207",
        "uuid": "db1fd334-0792-498b-8d27-3365a1375c87",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ValleyRAT plugins installing ABCDoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546207",
            "to_ids": true,
            "type": "md5",
            "uuid": "ada9b209-22da-4cc9-a1ea-bafc03459fd0",
            "value": "e66bae6e8621db2a835fa6721c3e5bbe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ValleyRAT plugins installing ABCDoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546207",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a580586b-02a8-4150-8d5c-7e493429cb72",
            "value": "59e1118c019e74bdab90ddb0229b480a84c4f496",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ValleyRAT plugins installing ABCDoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546207",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bb01eefa-319c-49fd-8cc4-df6f2d00feba",
            "value": "3b372d921febe3acca87a53e019efda34778e200a3d90071607971b0ac2e9cd4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778205996",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "962e8bdd-ead0-4d2b-9983-dba42cc5d947",
            "value": "384:AcaVWQPWhdu04EmRUF4MVqip8oeETA7LgmTOYnTxV0KIiiErrSKJi2jIwQ2Ul402:AcaohQGSMUnG0rGKMFD2MROXn8jxFU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778205996",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e8227085-f8c2-4cde-9f49-5b7947e26384",
            "value": "37888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778205996",
            "to_ids": true,
            "type": "vhash",
            "uuid": "05ef4989-70d9-4c32-8545-8e85f48a173f",
            "value": "134056651d15155az1b7z3035z21z13z63z24z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778205996",
            "to_ids": true,
            "type": "filename",
            "uuid": "180b5577-131f-4b7b-a3a6-cb651049eef2",
            "value": "1.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778205996",
            "to_ids": false,
            "type": "text",
            "uuid": "f8d6e7d2-d063-4dbe-b8de-cb61c8db20d0",
            "value": "ValleyRAT plugins installing ABCDoor\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:34/70\nFirst Submission:2026-01-30T04:09:27.000000+00:00\nLast Submission:2026-05-06T12:32:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546210",
        "uuid": "0345015a-65ff-4cd5-81fb-24320de66167",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546209",
            "to_ids": true,
            "type": "md5",
            "uuid": "dc3835f1-8ad4-4247-a81e-a89e3baf762f",
            "value": "eefc28e9f2c0c0592af186be8e3570d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546210",
            "to_ids": true,
            "type": "sha1",
            "uuid": "83527011-995c-46a8-8b63-451e95c62d59",
            "value": "798ec071b2c494af515c20e5e3efca78a710deb9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546210",
            "to_ids": true,
            "type": "sha256",
            "uuid": "12a8bf57-0019-4560-b5bd-6f23d18456bb",
            "value": "f7045e26cd80b2c688b8371947ddeaee0dc3c56bf855e65472f4347b27654d90",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778206017",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2daa9c2c-97ff-4089-892c-824e037f552c",
            "value": "393216:XuJOIq5PXBqSUOmt1TJOh4qe+rZr2f56YgvmGdJ+JbfZ1vvptcvZxG9ZwskteD7+:XCiPXrUOmtnOJecZr2f56PvmGdJ+5vvE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778206017",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2a0a242e-720f-402d-b181-bf0cb861fc89",
            "value": "24005896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778206017",
            "to_ids": true,
            "type": "vhash",
            "uuid": "89b3c37c-ea59-418b-9b5a-8eac43312cc0",
            "value": "027056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778206017",
            "to_ids": true,
            "type": "filename",
            "uuid": "ecdd1a76-bf5d-434b-83b1-79d35fa86be2",
            "value": "RemoteInstaller_20250808_174554_dianhua.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778206017",
            "to_ids": false,
            "type": "text",
            "uuid": "0b457a63-1161-485d-88c8-09454d625510",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:36/71\nFirst Submission:2025-08-11T04:56:30.000000+00:00\nLast Submission:2025-08-11T04:56:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546213",
        "uuid": "e6be2a04-363d-4993-adb9-25049b99686a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546212",
            "to_ids": true,
            "type": "md5",
            "uuid": "b86a507b-c94c-4b03-8d96-0778339590a6",
            "value": "f15a67899cfe4decff76d4cd1677c254",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546212",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f3af0aac-048f-48e9-9e5d-b2ccc71c420b",
            "value": "cb8ee9bbfb00477e682969b933ed9f23b2de2d41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546213",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e483d673-90f5-46dc-910d-e485f70d954a",
            "value": "e0699bb2eb4cba2bdb4ba233a2237405a3b5f69c4bb7108e9313e7d0d64d426e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778206039",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "29d280f8-465a-4bc9-967d-a8422809ee1c",
            "value": "384:kkvvG03IQdrlWugU8mG/lt98+iAvi/OsavYJHhcAs1lnVVIAwB0K:kkFrlWB+gtbi/OsgoHhcAS/VGO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778206039",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "985fd845-2bc5-41a1-93ac-77abb5d2f3e8",
            "value": "82944"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778206039",
            "to_ids": true,
            "type": "vhash",
            "uuid": "19ef7a54-f976-4ea3-9b2b-50193b143917",
            "value": "084066551d1515151az17hz202jz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778206039",
            "to_ids": true,
            "type": "filename",
            "uuid": "f1d963de-fca6-4ba6-991e-afcc4cbbd0de",
            "value": "download.php"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778206039",
            "to_ids": false,
            "type": "text",
            "uuid": "0ffec6d7-c7a4-47e2-8efe-35d7069a81c3",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:41/71\nFirst Submission:2025-03-04T09:51:41.000000+00:00\nLast Submission:2025-03-04T16:47:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546215",
        "uuid": "fb17247b-27e6-4596-af69-102dff385a33",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546215",
            "to_ids": true,
            "type": "md5",
            "uuid": "8f797107-02e6-4c25-868b-2e2bb5e6c9ed",
            "value": "f7037cc9a5659d5a1f68e88582242375",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546215",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3519fbaa-2cd6-451d-b183-a120cd9551b1",
            "value": "30360e462788e6633a44b3d7ce7ab7c4fc16472f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546215",
            "to_ids": true,
            "type": "sha256",
            "uuid": "edeaee4a-f1aa-49fc-a8f3-0e2abd24285e",
            "value": "6fa7f2515631100493ad321304e52f57a2a5877930b3c317ef234028dbc15414",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778206061",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aa85facb-d1c4-4345-b294-31f1851e4d1f",
            "value": "12288:zlFpxAC8ylyCXtH7Lpn6qjjJs5Jcxxc3rsOJU+:zlFp9yaLMqjjJsnf3rs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778206061",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "87522524-b127-4416-bf2c-b7eafe761e0c",
            "value": "456648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778206061",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f190a4ef-dbf2-47be-a106-10f8b2f13ee6",
            "value": "045066655d1d05556018z5c3z35z3rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778206061",
            "to_ids": true,
            "type": "filename",
            "uuid": "57bcd87b-19ff-4ebc-9fab-f9801015c2b2",
            "value": "rsl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778206061",
            "to_ids": false,
            "type": "text",
            "uuid": "74841f9f-caeb-4998-ad88-7962825eb227",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/RustyStealer.ARY!MTB\nVT Total Detection:50/70\nFirst Submission:2026-01-29T09:01:26.000000+00:00\nLast Submission:2026-02-03T04:22:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546218",
        "uuid": "637c4538-8d76-48c1-8c08-ed7fc84ca9ce",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546217",
            "to_ids": true,
            "type": "md5",
            "uuid": "4beb3f62-8b1e-432d-a131-d1a7d31d1c07",
            "value": "f8371097121549feb21e3bcc2eeea522",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546218",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6cb2e062-3054-4724-92f1-5146daeddfe5",
            "value": "3bac1776148edddad6854062da8a405a0f51b56a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546218",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b5223fe4-bddd-45b5-a20c-9c75669f1236",
            "value": "fd9632478ae4a16ed166df93ada1fd359051add3ce082d747ed6d30272e71523",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778206083",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7563079b-eca6-4c46-8d91-3a114d31bae2",
            "value": "6144:LjclUpuJr5Hx05pnYtA4kr/Nco4Z7a5ELFvEZgFeXzCQPL6DZrFg+cxQ:PIUpu15HxO9Ya7rGg5gFTeXzvLAKFi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778206083",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9e42aa8f-6b16-4498-a609-76b8c243d08f",
            "value": "278221"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778206083",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5d562268-78a1-4dfa-b47f-a006d19895ad",
            "value": "65df5e475a48a5a9b92d98c0adc87e73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778206083",
            "to_ids": true,
            "type": "filename",
            "uuid": "53120154-aa08-44a8-9bd3-ac99d0d8aeaa",
            "value": "Statement of Account.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  06/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778206083",
            "to_ids": false,
            "type": "text",
            "uuid": "ef6bc633-488b-4564-8669-de2e5fc66cbb",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:28/66\nFirst Submission:2026-01-12T07:17:38.000000+00:00\nLast Submission:2026-01-12T08:50:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546221",
        "uuid": "f7ca4a3a-6d28-4d59-9f15-8664e9c95710",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546220",
            "to_ids": true,
            "type": "md5",
            "uuid": "d6d9f3e1-9314-4b1e-9b1b-d04647933756",
            "value": "fa08b243f12e31940b8b4b82d3498804",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546220",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e5ac13e4-0382-49ae-b269-5f476f9ab821",
            "value": "8fa78fbd1ae239af277128ce8c00ca2b51b86b14",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546221",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3800bca8-fac6-4c5e-be95-bca2530ea1d0",
            "value": "8b665f44c07af2523a35986dd19d7cb7f41c883f07b4ee189d3ce6f26689156c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778206104",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ee62f47b-8c2f-4cc9-bce7-04b9ff117d4b",
            "value": "12288:Lbkz3OzfL+EH8BH0QVrYTkDY2LQ++8UkzhYFR:Lb03Ov0/hq8Ue"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778206104",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "65a96b0f-156d-41ad-9f5f-179266af815e",
            "value": "899584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778206104",
            "to_ids": true,
            "type": "vhash",
            "uuid": "49cf12ae-5c91-488e-b9fe-a399684761e4",
            "value": "185066655d1555155bzf?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778206104",
            "to_ids": true,
            "type": "filename",
            "uuid": "0dea4637-cff0-46df-8e45-b032d9947fc8",
            "value": "core.cp310-win_amd64.pyd"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778206104",
            "to_ids": false,
            "type": "text",
            "uuid": "fe4f2c81-9ca2-49ba-9524-5054542f90f2",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:31/71\nFirst Submission:2025-09-01T03:37:09.000000+00:00\nLast Submission:2025-09-01T03:37:09.000000+00:00"
          }
        ]
      }
    ]
  }
}