{
  "Event": {
    "analysis": "1",
    "date": "2026-03-20",
    "extends_uuid": "",
    "info": "[Threat Intel] Libyan Oil Refinery Among Targets in Long-running Likely Espionage Campaign",
    "protected": false,
    "publish_timestamp": "1775245834",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1775245833",
    "uuid": "87f78d3f-58c9-4096-9f1c-69a8326ddb02",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#892644",
        "local": false,
        "name": "misp-galaxy:producer=\"Symantec\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#cb2725",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Right-to-Left Override - T1036.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#031c9d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Libya\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Oil\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"AsyncRAT\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#120044",
        "local": false,
        "name": "rectifyq:sub-category=\"intrusion-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Energy\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774263607",
        "to_ids": false,
        "type": "link",
        "uuid": "faba6423-729b-4907-a4e9-53cb87a799ba",
        "value": "https://www.security.com/blog-post/asyncrat-libya-oil-cyberattack"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774263607",
        "to_ids": false,
        "type": "text",
        "uuid": "3c68f715-d055-4f10-a5b2-5bb2f201e210",
        "value": "A series of attacks targeting Libyan organizations, including an oil refinery, a telecoms organization, and a state institution, occurred between November 2025 and February 2026. The campaign utilized the AsyncRAT backdoor, delivered through spear-phishing emails with Libya-themed lure documents. The attackers exploited current events, such as the assassination of Saif al-Gaddafi, to gain access to networks. The modular nature of AsyncRAT and the targeted organizations suggest possible state sponsorship. The campaign's focus on Libya and its oil industry is notable, given the country's increased oil production and global energy supply concerns amidst Middle East conflicts."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774263607",
        "to_ids": false,
        "type": "text",
        "uuid": "34afad03-0a72-4d2c-a8ed-4665749c51e6",
        "value": "Name: Libyan Oil Refinery Among Targets in Long-running Likely Espionage Campaign\nAuthor: AlienVault\nAdversary: \nTags: [\"oil refinery\", \"spear-phishing\", \"state-sponsored\", \"asyncrat\", \"backdoor\", \"espionage\"]\nTgtd countries: [\"Libya\"]\nMlwr families: [\"AsyncRAT\"]\nAttack_ids: [\"T1053.005\", \"T1113\", \"T1056.001\", \"T1204.002\", \"T1055\", \"T1036.002\", \"T1059.001\", \"T1547.001\", \"T1566\", \"T1078\", \"T1027\", \"T1105\"]\nIndustries: [\"Energy\", \"Telecommunications\", \"Government\"]"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:04/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775237470",
        "to_ids": true,
        "type": "sha256",
        "uuid": "19cf6b61-176b-45c1-99a8-85faa76e36a6",
        "value": "39eade26c5680d20f5a8032a0d3996a29058e52c147e4b49a2072d2dcb353325",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:04/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775237471",
        "to_ids": true,
        "type": "sha256",
        "uuid": "55462683-6463-48b1-ae39-3735c1d302db",
        "value": "3d5ada3b035e2adc8de1db24ab9d8e0e828eec1b7601ed9d064b41fa9d026a34",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:04/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775237472",
        "to_ids": true,
        "type": "sha256",
        "uuid": "eb8b21ba-fdc2-428e-bd37-15ba7594e922",
        "value": "c03120163d9401d66d482899421d9dd68db63d34bac2b32e3090e8ad0b911d83",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:04/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775237473",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ec3d96d3-468a-48a6-ad9f-7122e519262e",
        "value": "cd7e16ca636f6e5cb86cd41561d57620a131a26b53c6e25a36edcbbcb2b5276a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
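        "comment": "Value ends with a trailing '.' that may be sentence punctuation carried over from the source report; confirm the exact URL before relying on exact-match detection.",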
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775240519",
        "to_ids": true,
        "type": "url",
        "uuid": "58e9a179-dff8-4eb3-8f26-225cfe22d17e",
        "value": "https://hs8.krakenfiles.com/uploads/15-02-2026/JCaF7rrPQm/image.png.",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
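        "comment": "Hostname appears to belong to a shared file-hosting service (see the /uploads/ URL in this event), so matches on the hostname alone may include unrelated traffic; corroborate with the full URL or a file hash before alerting.",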
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775240541",
        "to_ids": true,
        "type": "hostname",
        "uuid": "20d9e49f-ade5-4ffa-a8f0-8ae6464911de",
        "value": "hs8.krakenfiles.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240562",
        "uuid": "a67c0d8d-8db3-4763-89da-6c8bc4929bb1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240562",
            "to_ids": true,
            "type": "md5",
            "uuid": "904e3f46-1559-429d-8931-806eefd1a051",
            "value": "15b687cb6ddf56f671fb6bd750604177",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237439",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e8f4cd21-0797-4073-9eb9-2de9fe5eacf3",
            "value": "74bf4daa98a4808c122c1f649ca0e88f70d64802",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237439",
            "to_ids": true,
            "type": "sha256",
            "uuid": "15911ca4-974b-40dd-b929-a995580eea2c",
            "value": "0f3344e672d1ea6cde382b68b27063ed766fced717e9f5f2e15e6c79ce0737f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236256",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1ef8d540-e720-43c3-b968-09d550c309ef",
            "value": "1536:BmImx6tX2kNff4sKu+UYFdj0H5yINbyAUDYFRfXnWaSrQTGhx:Bm9x6tmkN7Ku+UYFdoH5ycby8FZWvGSx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236256",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9237cfb8-3500-46b9-b805-6ecaf24bcc15",
            "value": "67584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236256",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4bb6bd0b-573f-40c0-ba5b-40d79be39fcf",
            "value": "264036555511c08c321d104e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236256",
            "to_ids": true,
            "type": "filename",
            "uuid": "b82cbe39-7dde-41c2-8fec-fc06e52607a4",
            "value": "Stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236256",
            "to_ids": false,
            "type": "text",
            "uuid": "fa728aad-80da-4454-88e6-ed9aebcb6688",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:53/71\nFirst Submission:2026-02-24T23:31:23.000000+00:00\nLast Submission:2026-02-24T23:31:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240583",
        "uuid": "3e6ada46-99f5-413d-9992-caee2ff804dc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240583",
            "to_ids": true,
            "type": "md5",
            "uuid": "d88f58e0-d1f2-4092-9653-bf713d1f0eba",
            "value": "5e9d7d9316383efc8743675298710ef0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237440",
            "to_ids": true,
            "type": "sha1",
            "uuid": "21d2b6d1-ba0e-422d-b59b-a239da163163",
            "value": "dbcce5ebd953c077be8dcd0f002258aa53153b7e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237440",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f7d80549-3c96-4368-bdec-8a9cea4d0de5",
            "value": "eb76f0797c27821635992ef23a570fe3a11c848998bc9f7735e968adc6b2f33c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236277",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a3bb81d2-26ce-4b5a-8a07-03c6f6fc7f6f",
            "value": "1536:UmImx6tX2kNff4sKu+UYFM8ldnBl5b3DQ4P+esBrQTGxx:Um9x6tmkN7Ku+UYFtHnBXb3D5sBGCx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236277",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a7cb66b7-518f-4ead-8434-02c6e4ed0f44",
            "value": "67584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236277",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c8473ed3-e97d-46cc-a6ca-8a918d89006d",
            "value": "264036555511c08c321d104e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236277",
            "to_ids": true,
            "type": "filename",
            "uuid": "61ce2936-a98f-41d6-8ea8-b1b95ae85093",
            "value": "Stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236277",
            "to_ids": false,
            "type": "text",
            "uuid": "41e2911a-a4e7-4b77-b151-cc28871a10fe",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:51/71\nFirst Submission:2025-11-30T08:15:08.000000+00:00\nLast Submission:2025-11-30T08:15:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240604",
        "uuid": "8b9addd1-885d-45ac-8ed4-92c0d1739bc3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240604",
            "to_ids": true,
            "type": "md5",
            "uuid": "be430579-dfbe-4dbc-9e96-0e9c860a68f6",
            "value": "7300ba0879ceb382192ba8d93ff7a792",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237441",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f8afdcdf-55cf-47a3-a53d-2e1092f9c293",
            "value": "0338ed21dc6555c6814b5bf77ff71bf68ce57ede",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237442",
            "to_ids": true,
            "type": "sha256",
            "uuid": "87a8ebde-af68-4a41-a0e7-1d5cd7e2d4c4",
            "value": "946ae65e508acb4dbf6b29432889511a76636453cc04256230fbce25cef86b6a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236299",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "997c7911-6c1f-4bfb-8c53-02132859273a",
            "value": "1536:92wuMvF1ak9gcKu5UYF4n/CuYSwbfgM5ytrQTGlx:92dMvF1ak9Ku5UYF0/5Nwbf/ctGOx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236299",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0b8f81cd-7558-4d4b-bdf7-6b84fb16aeda",
            "value": "67584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236299",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a2d2377c-0d15-4a9b-9959-c31f12a1cfbd",
            "value": "264036555511c08c321d104e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236299",
            "to_ids": true,
            "type": "filename",
            "uuid": "bd2ad9bc-1f78-45ea-8555-22975d46327d",
            "value": "Stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236299",
            "to_ids": false,
            "type": "text",
            "uuid": "a770fe9e-51d4-47e4-b614-b0a022817b36",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:56/71\nFirst Submission:2026-01-19T20:53:04.000000+00:00\nLast Submission:2026-01-19T20:53:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240625",
        "uuid": "45bb04bf-439c-44e2-b8cb-80faf5574bce",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240625",
            "to_ids": true,
            "type": "md5",
            "uuid": "11433296-103a-4f43-88ad-caec70eaf061",
            "value": "9bf88267166d2b6244a4bdcc9d02113f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237443",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ec50deca-768c-4ce7-90c7-47627450c4e1",
            "value": "bc5cba6bbb5c724c0d49c6985948b6907d514aa7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237443",
            "to_ids": true,
            "type": "sha256",
            "uuid": "382e017a-9852-4199-b88d-4ce0b245ce2e",
            "value": "9843874eb6217a79ba5a51a6a886745169b1a1ad43f7ae12de6e610324e88ab7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236321",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6c7f2649-57f1-4f22-827f-c2b29fd436f7",
            "value": "48:cYeFz+VNZIo5AsZ/un6QPwgb6loELjw4KwQyFD2bsSPE3tj9bN6Fe+8Z92GWgeCx:5eMNAwFSsLw8PVrjT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236321",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8527b8b5-b188-413c-9488-6c717b31ba0b",
            "value": "72436"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236321",
            "to_ids": true,
            "type": "filename",
            "uuid": "a21a166d-e17d-4099-b5e4-ce7a3ca776f3",
            "value": "9843874eb6217a79ba5a51a6a886745169b1a1ad43f7ae12de6e610324e88ab7.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236321",
            "to_ids": false,
            "type": "text",
            "uuid": "db2f3533-2ec7-4621-8872-7621257df69c",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/AsyncRAT.AAC!AMTB\nVT Total Detection:28/61\nFirst Submission:2025-11-26T06:48:57.000000+00:00\nLast Submission:2025-12-19T13:35:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240646",
        "uuid": "2be815d4-fe86-4967-83c8-73c05f381a3f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240646",
            "to_ids": true,
            "type": "md5",
            "uuid": "1d63ab25-a9ba-41d6-8b2b-5446ca2b716a",
            "value": "c6e0019a4aadbc97837839216ad882ee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237444",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d4260de7-5287-4496-a7b7-e4900551d820",
            "value": "c81327abaaa06961a308af0eae5f73e482e00bd8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237444",
            "to_ids": true,
            "type": "sha256",
            "uuid": "72e64586-fc25-4027-b21c-3502be32c8b1",
            "value": "ad796fc0ac17b58e47dbadd42bf164790c18ac67aade8c6bf2251056ef68138d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236344",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "95893ae5-d349-40a6-bd69-ab8be2001efb",
            "value": "1536:0mImx6tX2kNff4sKu+UYFtTD7AudTbu6AD8I3jWypYrQTGRx:0m9x6tmkN7Ku+UYFp7ACbu53jFYGix"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236344",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b719e02-6abc-4f26-a687-ca19fe756664",
            "value": "67584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236344",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3eca7602-a5b8-4835-8219-a9e04f4aa277",
            "value": "264036555511c08c321d104e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236344",
            "to_ids": true,
            "type": "filename",
            "uuid": "ac800037-d49e-4022-8658-fef9af5112ad",
            "value": "Stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236344",
            "to_ids": false,
            "type": "text",
            "uuid": "b438daca-97fd-4ab7-b2b0-73e898972000",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:58/71\nFirst Submission:2026-02-24T17:02:14.000000+00:00\nLast Submission:2026-02-24T17:02:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240668",
        "uuid": "22aea9e8-0b15-4946-a0db-f78798840975",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240668",
            "to_ids": true,
            "type": "md5",
            "uuid": "538105e9-1b48-404f-8258-e302ecc8b5dd",
            "value": "e87764252a333ba316e89f24be05d7c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237445",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1b398905-9005-432d-af49-5fa15115876e",
            "value": "49e00c0f781703ae2803ac0fa7e8d6dddd924aee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237446",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7431859f-3b1b-4217-a035-fd480be4c582",
            "value": "f8d2c5cb898cf92495fdcb7e20f509603e1bdd62ba4b61bd7694a8e33a4c738f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236365",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d05966a1-267f-4815-84bf-a8c89bb8db5a",
            "value": "3072:or+jcDkQziZEWnbzubxCB5Uu9MGXx14ZGiwWtXDkWp32DRxe5NqtPMRmVudB4L2u:6K"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236365",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0677ec54-c85f-4ecb-b4b0-525ed0b7c061",
            "value": "436016"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236365",
            "to_ids": true,
            "type": "vhash",
            "uuid": "661ad4a8-921a-40d8-a9d2-5d0b7adb6152",
            "value": "5dc52704d772b125780154f04dcbc4f1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236365",
            "to_ids": true,
            "type": "filename",
            "uuid": "3e7ca9a7-bd45-42dd-b833-7cd16eae9867",
            "value": "payload_1.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236365",
            "to_ids": false,
            "type": "text",
            "uuid": "8524c381-51fd-4f30-8695-36d4a46c41c8",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Boxter.HHT!MTB\nVT Total Detection:23/61\nFirst Submission:2026-01-19T20:47:34.000000+00:00\nLast Submission:2026-01-19T20:47:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240689",
        "uuid": "a64d5af6-7ed9-492c-846a-19f2304d576c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240689",
            "to_ids": true,
            "type": "md5",
            "uuid": "dfa97d22-9cd9-4736-aa96-e2aedf9fcf71",
            "value": "e8871849dfdaf6b6cd9233f70c4c7493",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237446",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b4c80ced-ef13-4998-8e2a-81b7802333c5",
            "value": "087ba76c2497d67e35c6530ce90841e1b8cf2cf9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237446",
            "to_ids": true,
            "type": "sha256",
            "uuid": "799015d4-faff-494f-9780-2d30412aaa81",
            "value": "f307f8fa89b9f9eb8c2ae346055dffb80c93f56034aa3abe7a8a25d6e5e680c6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236387",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aed907af-43bb-4c2d-8843-5ab38f3b8790",
            "value": "1536:F2wuMvF1ak9gcKu5UYFivmOV8wGm+b81rU2IMlBWVrQTGNx:F2dMvF1ak9Ku5UYFfOizm+b81RI0+GGx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236387",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8abc4ddf-a369-49fb-a973-4a367a020baa",
            "value": "67584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236387",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4137a3fc-63c0-49fc-94c4-da3e95e04269",
            "value": "264036555511c08c321d104e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236387",
            "to_ids": true,
            "type": "filename",
            "uuid": "c877a5ea-1928-4ed7-b986-f2ec00f58234",
            "value": "Stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236387",
            "to_ids": false,
            "type": "text",
            "uuid": "3d7c78ca-ccc2-46c6-9f0c-9e639c9307f4",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:55/71\nFirst Submission:2025-12-10T07:18:11.000000+00:00\nLast Submission:2025-12-10T07:18:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240711",
        "uuid": "91b32c2a-3eb0-44d3-9191-8e1dda6e9063",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240711",
            "to_ids": true,
            "type": "md5",
            "uuid": "e075e965-0a78-4e85-aad3-d66ff504d5d9",
            "value": "388e5d0bfc57c632d4b0149b24a19582",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237448",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bc88ca93-79bd-4dfa-ab76-9fb6e3f6f592",
            "value": "8b3616bc301c43464be35db21e05c259f6f54a41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237448",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e014d011-de12-407a-a5c7-1f2e39ecd574",
            "value": "0499152c6dd775491ce099eee4c382a94f72c07031081db164de921effa9664f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236408",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "87ec09a5-06f8-4d04-8d95-51e106bc3395",
            "value": "1536:V4eAWu+Q3xUHorSpPRLF9mgFDfqjAukvGAUEhYK+n:VkxUIrcF8wijAukvGAUEhYK+n"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236408",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ef8543a2-effb-442a-a0b0-fc30fabc538a",
            "value": "76288"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236408",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a28b4ef4-2621-4672-9c6c-6ff727dfa26f",
            "value": "3740365515110093e41030"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236408",
            "to_ids": true,
            "type": "filename",
            "uuid": "df5b4fa4-5d01-4d75-a6af-059bc1b721c2",
            "value": "WimaSharpAllWin.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236409",
            "to_ids": false,
            "type": "text",
            "uuid": "29bd9d8c-45dc-4517-aad6-6a7e25fcbd03",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:18/71\nFirst Submission:2025-10-24T19:44:49.000000+00:00\nLast Submission:2025-10-24T19:44:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240733",
        "uuid": "7d28ca03-18d5-4b04-af16-2b0da1bded67",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240733",
            "to_ids": true,
            "type": "md5",
            "uuid": "b29fc436-9604-4075-abd7-1e896f3a2e06",
            "value": "4b557d270b168eb3042bbb392c5a9870",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237449",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0961a34c-4371-4f22-b9cf-01403f88a306",
            "value": "982a1d4d8c9c82aa6544889c515cae5bf71d2ad1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237449",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bd4ad184-caa1-4c72-9f87-1694def707be",
            "value": "12c65ac4e02313ed1aa2d32d56428f0a135b281604d536e5ae6ca08b6b4232c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236430",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c563ed32-7305-460f-8d54-eda6225c7756",
            "value": "1536:F2wuMvF1ak9gcKu5UYF/KQfEPbLOhKk3cBrQTGNx:F2dMvF1ak9Ku5UYFSakbLOFiGGx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236430",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9a473e77-a3f2-42a4-8698-506338676bc1",
            "value": "67584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236430",
            "to_ids": true,
            "type": "vhash",
            "uuid": "36e93607-754d-47ec-8cf7-6b1fd225bf0b",
            "value": "264036555511c08c321d104e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236430",
            "to_ids": true,
            "type": "filename",
            "uuid": "ade930a3-7356-4dc0-9be6-7212c7833c6f",
            "value": "Stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236430",
            "to_ids": false,
            "type": "text",
            "uuid": "16c91bff-e197-49ce-8d33-935cc5c99f11",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:57/71\nFirst Submission:2026-02-20T20:12:31.000000+00:00\nLast Submission:2026-02-20T20:12:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240755",
        "uuid": "56dab51e-39d9-4d36-95df-d10acf39e3ca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240755",
            "to_ids": true,
            "type": "md5",
            "uuid": "c51170db-af78-47a0-b7f1-58e7c8fc0434",
            "value": "8e61ebf86a8e10e0ff28f9d101979e6c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237450",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4361f78c-760b-4627-8f8d-1a95ef41399c",
            "value": "5a27aca23421537381d4318199ebbbf856765416",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237450",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5f019fa6-df5b-4fe0-992b-fcaf83980c73",
            "value": "1d32f451d18c3dc8dbf00cd7df1200f83efa27cbaddeb9b2bed726e6d08ef5b1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236452",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3cc4b482-38ba-4f4f-ac1b-ecced55a74c5",
            "value": "384:7RbpMfCNFjLcCbEaB7pr496gSJIaU6Q/u+L8MRbioUQXDI763E7LQy56mt5A4fS8:NzGFk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236452",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4b34aee2-5b54-4791-8ef5-fca01fdd84cc",
            "value": "72436"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236452",
            "to_ids": true,
            "type": "filename",
            "uuid": "30942529-9479-4e0c-8374-0e1718697518",
            "value": "List_name_Libya_israel.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236452",
            "to_ids": false,
            "type": "text",
            "uuid": "e281baf9-e719-487d-8c5b-9fd5d1bc34ce",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/AsyncRAT.AAC!AMTB\nVT Total Detection:25/61\nFirst Submission:2026-02-24T23:24:50.000000+00:00\nLast Submission:2026-02-24T23:24:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240776",
        "uuid": "034f184b-88c2-4e72-b00c-4e366e5c5038",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240776",
            "to_ids": true,
            "type": "md5",
            "uuid": "804365ed-21cf-4cf6-b678-01e0b6f267b4",
            "value": "8bfe6c772d651431d2ec9d6c2bdeaeb9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237452",
            "to_ids": true,
            "type": "sha1",
            "uuid": "49763593-6b50-4ed9-9e87-211a79f2bb48",
            "value": "d64df0178566b54d47cc264558f87b64741faee6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237452",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4fa829e4-72e3-4a71-a304-401a194fbc24",
            "value": "22a1cf91fbac104e2dd374dd06e93488cfdf216890088ef18318d90f440f00f6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236474",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4ac0effc-f7c2-45c0-ab64-ffebc29adb77",
            "value": "3072:tF5K4bpyog82i0+Rq5MszSeossg4krJaMQHh197m7RS/NkO4AuHcjAboS6ktDrIc:B7bsH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236474",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "41b749fa-3cdb-4367-8f11-045fd08d99f2",
            "value": "436016"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236474",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bf9e5993-119e-4a11-a327-d1e3c5d7556d",
            "value": "5dc52704d772b125780154f04dcbc4f1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236474",
            "to_ids": true,
            "type": "filename",
            "uuid": "b1049e8d-a451-4fdf-ab54-df4ed334964f",
            "value": "image.png"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236474",
            "to_ids": false,
            "type": "text",
            "uuid": "8d8de0fa-be87-4530-8656-837ea3262a0b",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Boxter.HHT!MTB\nVT Total Detection:23/61\nFirst Submission:2025-11-30T08:16:08.000000+00:00\nLast Submission:2025-11-30T08:16:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240798",
        "uuid": "6b193800-b6b7-40a4-a325-bafb954de365",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240798",
            "to_ids": true,
            "type": "md5",
            "uuid": "460abc09-2311-4b5d-8df9-38dde782f8a1",
            "value": "990aaf5f4d8bbbfc875f6029d26c580b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237453",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8be18606-2626-465c-bcf0-1d9b30df6ec2",
            "value": "9e20795742bcda3ee8b4483779ecb716bfe2b859",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237453",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ac6459a3-c890-4fbc-ba86-4d22c3373474",
            "value": "3101cc378db2665eb2969b62e28efb9bfd5ca6f9bd3ebc27b422d5a29bfd1b17",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236496",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0ffc0c86-b9eb-4130-b95e-01ca63a244c8",
            "value": "48:+tX/c8wWR4vDJpfvKWXaIIyoFXZAIRgqR0AvMAeWeKKXJ4VezS6S0SySbSQSmSXO:+tvF1CzZ34hNFzsOxp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236496",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e50e11fb-16f9-4d9b-947d-639335552c1a",
            "value": "72436"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236496",
            "to_ids": true,
            "type": "filename",
            "uuid": "f67635c9-979e-4399-a02f-fa005bd6afec",
            "value": "audio_libya.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236496",
            "to_ids": false,
            "type": "text",
            "uuid": "99a138a1-4b13-462d-91ad-db6a56d21f9a",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/AsyncRAT.AAC!AMTB\nVT Total Detection:25/61\nFirst Submission:2025-12-22T14:35:42.000000+00:00\nLast Submission:2025-12-24T23:30:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240819",
        "uuid": "d4df2f74-5249-4c80-871c-017475698edb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240819",
            "to_ids": true,
            "type": "md5",
            "uuid": "ca304423-be84-4f92-840d-163d09ca3db0",
            "value": "55b204ee8051e678b815366a5dd3e9e4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237454",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9ce3fa28-8d76-441b-bef2-7a78a2afdeb7",
            "value": "6493caae4f1d9942ed0111357f1f0f79f22df791",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237454",
            "to_ids": true,
            "type": "sha256",
            "uuid": "92433de0-8d7d-4819-8763-86ed6dcd0b48",
            "value": "34ae832427b03df5f8cb90e78b5b174665c19602575b37fc7cad8100978898d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236517",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7c05b289-db33-4862-a8be-ff7b5c4b5e69",
            "value": "384:ExAbSVE/21vB5D4Za1tttt5KJH/xJVJj5EzJQHzI0Mov18JPcn45X7XT2u7m5d2J:Y"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236517",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6e470785-8cbc-4cfe-9a09-163808a16c8c",
            "value": "72436"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236517",
            "to_ids": true,
            "type": "filename",
            "uuid": "295fc5ba-1829-4e29-82fa-e1eb3969d1cc",
            "value": "list_name_libya.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236517",
            "to_ids": false,
            "type": "text",
            "uuid": "e4092530-69eb-44b1-b9b4-532ea7499964",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/AsyncRAT.AAC!AMTB\nVT Total Detection:27/61\nFirst Submission:2025-12-22T23:50:10.000000+00:00\nLast Submission:2025-12-22T23:50:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240841",
        "uuid": "42056264-ab4c-4843-9ee0-81caa51002cd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240841",
            "to_ids": true,
            "type": "md5",
            "uuid": "c58a5311-c2a0-46c6-927f-60ec7835f5f5",
            "value": "55cc9011d5bfa14e4ba4402ed920060a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237455",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9f511cc2-c80a-46f0-bf0c-00a18f5c967b",
            "value": "8c1f90ca5308ed3aa162bd89fa5a18d7464e7a5a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237455",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b478b4ff-a53d-4ead-9730-238d94866f14",
            "value": "3ca93362559db4da9d44d614345cbdfdb81d882367af05651bb718e1cc57ab08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236561",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2c5f3828-f19c-44f1-b91b-0f5e37888149",
            "value": "3072:Mr+jcDkQziZEWnbzubxCB5Uu9AG+fTq4Zt/JXDkWp32DRle5NqtPMRmVudB4L2rm:Im"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236561",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1c3df31d-0650-43c0-bf8b-4d257966e91c",
            "value": "436016"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236561",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fc45e1b5-9dc1-4402-8b14-f3289f6013a5",
            "value": "5dc52704d772b125780154f04dcbc4f1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236561",
            "to_ids": true,
            "type": "filename",
            "uuid": "37c9a4a9-3511-4839-97ec-9b176c7c4e86",
            "value": "payload_1.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236561",
            "to_ids": false,
            "type": "text",
            "uuid": "44566ab5-645b-4530-a90b-e1b00f08af73",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Boxter.HHT!MTB\nVT Total Detection:24/61\nFirst Submission:2025-12-22T17:15:43.000000+00:00\nLast Submission:2025-12-22T17:15:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240862",
        "uuid": "92a5ad9f-1da2-4a08-bcfc-38c44549ab0e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240862",
            "to_ids": true,
            "type": "md5",
            "uuid": "c18b8938-727c-4fd0-8c77-2531b852823f",
            "value": "3e077f572d9016d94adb59fe20c167d4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237456",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a20cdca1-4122-4673-bb08-04475e21e488",
            "value": "fa8c11514455b55d64b8ea85d037f06b150cb5cb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237456",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7b58d512-1c09-40e2-a3fe-f3b1c69d919e",
            "value": "43c5d9a267742ee3c6c9bcf3e6f63ec397fbe0233a5d99bdb7dacbfa1a0f69d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236604",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fbb7e17a-9833-491d-bdd2-01f7815d27f5",
            "value": "48:IWZWR85xjGrWRN06kYMW+WUWWWVBMWzMWnyIBqW/MWrx+WnwcoWDWxMWZOWxWqsG:X/XfzVgXkJ+k558UTeqT75gBiwlTUkH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236604",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1af9ee0e-4bc2-454d-b245-183e3dde3b5c",
            "value": "72436"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236604",
            "to_ids": true,
            "type": "filename",
            "uuid": "85d8c945-af19-464b-a442-423eea051bc4",
            "value": "Audio_Libya_algeria.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236604",
            "to_ids": false,
            "type": "text",
            "uuid": "90983c2e-c03a-43e3-a9fe-f3c19d6b4cab",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/AsyncRAT.AAC!AMTB\nVT Total Detection:25/61\nFirst Submission:2026-02-25T17:14:01.000000+00:00\nLast Submission:2026-02-25T17:14:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240884",
        "uuid": "c4ce7a58-370a-4d29-ba30-fd8a3bda6ca2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240884",
            "to_ids": true,
            "type": "md5",
            "uuid": "67665c57-8d08-4e8c-95e1-2b3a37aa8723",
            "value": "65722756f2f52278694326a7d7510f6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237458",
            "to_ids": true,
            "type": "sha1",
            "uuid": "126904d1-1688-4562-934d-55b266dee6d3",
            "value": "9d601ebe67c755112baccd818a51acae86cfd621",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237458",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d2117293-0414-4065-914a-e05859dedf8f",
            "value": "5b573743306a2324608fdbd9c5cceba6bd5abfaccd1ea8b94c60f73da279e636",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236625",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5cbb4322-83ec-475d-a001-5c2e715f44de",
            "value": "1536:7mImx6tX2kNff4sKu+UYFEYXH5p/HbHVibbwrjnHfUwqub0fGrQTGlx:7m9x6tmkN7Ku+UYFrXH55H5ibbwv/RN7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236625",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7fe6d461-39c5-4c95-9213-2faa0d7b8dfa",
            "value": "67584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236625",
            "to_ids": true,
            "type": "vhash",
            "uuid": "839111b6-d27d-456a-b308-4d4189a4dd8b",
            "value": "264036555511c08c321d104e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236625",
            "to_ids": true,
            "type": "filename",
            "uuid": "87f108b4-3d61-4a3e-bedf-435d1145e483",
            "value": "Stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236625",
            "to_ids": false,
            "type": "text",
            "uuid": "2d4d2ed4-4002-4cd3-b6e0-a9805ac8b029",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:59/71\nFirst Submission:2025-11-23T08:27:07.000000+00:00\nLast Submission:2025-11-23T10:21:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240905",
        "uuid": "2fcfe343-caab-410c-b201-c40e0f0df263",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240905",
            "to_ids": true,
            "type": "md5",
            "uuid": "4cfa9e1d-b9a2-40ef-8750-a34a1f651e58",
            "value": "fac9815fc603b66ea87da7862db930ab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237459",
            "to_ids": true,
            "type": "sha1",
            "uuid": "63816e0c-07f7-4e83-a6f2-71ede19c7e2b",
            "value": "5cc627edfd95c285f2f4a513343d71d92c061d4a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237459",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9541683e-48b3-498d-9f44-f936967458b8",
            "value": "85e01e36b7b2b90af79642732a17dd566af0b10a85fd8a4cc85ea11583a0ff00",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236647",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "78113601-6815-4a5e-9b67-71ebb4db2f2d",
            "value": "384:iCiiazVFprbbnZYhVnRXOxytlbxutWnsWrnQWtlDSiuCnzs1dIhShXc/i9785KSU:s"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236647",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4cd8131b-6518-4d0a-ae39-38de8a99ff56",
            "value": "72436"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236647",
            "to_ids": true,
            "type": "filename",
            "uuid": "fefe41c0-ef97-44af-acf7-093850ba9d52",
            "value": "video_saif_eslam.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236647",
            "to_ids": false,
            "type": "text",
            "uuid": "1358617f-3132-43bd-a9da-e39e1e780785",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/AsyncRAT.AAC!AMTB\nVT Total Detection:24/61\nFirst Submission:2026-02-10T18:09:34.000000+00:00\nLast Submission:2026-02-10T18:09:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240926",
        "uuid": "88ed43e1-64e5-4c82-822b-dbe21562a316",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240926",
            "to_ids": true,
            "type": "md5",
            "uuid": "ac006565-64eb-4889-a94e-853739230184",
            "value": "d54238511a98801c40f0e5c17b2dab2c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237460",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3c2ff8c4-f818-47eb-ad4f-124e2058e865",
            "value": "f2e3dff1c84bd5ef49fa59b193623323faa7ab8a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237460",
            "to_ids": true,
            "type": "sha256",
            "uuid": "66a17215-16df-46be-9ba8-516408e46014",
            "value": "ad4e27fe06fae2325faa2a00be7b41f40aa9c63fe79713597b3330ad7e583ca8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236669",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6fcda19c-db6d-4b65-a173-755262676011",
            "value": "768:+qu/g0jH7quH7joj501u/gxP+FETSp4nWabARm3sNijH2JYMtGXgx6701ji5IfO0:N"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236669",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f2b739a9-d1f5-4a77-8c0d-ba10f2733027",
            "value": "72436"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236669",
            "to_ids": true,
            "type": "filename",
            "uuid": "128dc495-ba01-4496-b036-83f099ab627d",
            "value": "names_libya444.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236669",
            "to_ids": false,
            "type": "text",
            "uuid": "3287f957-1ed2-4ad5-885a-79c51e760a14",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/AsyncRAT.AAC!AMTB\nVT Total Detection:25/61\nFirst Submission:2025-12-10T07:13:05.000000+00:00\nLast Submission:2025-12-10T07:13:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240947",
        "uuid": "95469c4d-713d-480c-ba7c-fd2a7a09a698",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240947",
            "to_ids": true,
            "type": "md5",
            "uuid": "41db29ad-8f1f-4cf1-bce0-c5ab09ea15cf",
            "value": "b0e07ad4548ec387bcca1934a8b05a06",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237462",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c4797398-b978-490c-abbc-e9912fd50ee0",
            "value": "02b617360d34c4e68107f6ac8df9de30e37a0e0e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237462",
            "to_ids": true,
            "type": "sha256",
            "uuid": "307bac1a-74c1-48c5-816a-9367f905e1a2",
            "value": "b4a3f2f5091df7174e82283ed59cd557eea2e8ddd7a018dafc5e8151fd683429",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236690",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2f197c7e-c84d-4f66-9cd0-795e80c08d60",
            "value": "192:BZ4deUfnzbU1Dz2zPzI8+yoSDmi5cnzzJFU757kyjbGHJ/h8EUbTK5QT7czzMwZe:n4Xw2zM8+et2DUxkyj8J/PUbTB3UmV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236690",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d948be10-76ca-43d9-ae61-7bbb9027b482",
            "value": "72436"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236690",
            "to_ids": true,
            "type": "filename",
            "uuid": "506f733c-4866-4812-8453-82ac53e312aa",
            "value": "Libya_voice2025.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236690",
            "to_ids": false,
            "type": "text",
            "uuid": "e6728329-5d96-460b-8696-7eedc4ee5bb9",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/AsyncRAT.AAC!AMTB\nVT Total Detection:25/61\nFirst Submission:2025-11-30T08:09:56.000000+00:00\nLast Submission:2025-11-30T08:09:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240968",
        "uuid": "42c5dae6-cd93-4af3-bc0a-2d96e96dab3b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240968",
            "to_ids": true,
            "type": "md5",
            "uuid": "379f9e55-6760-4a98-a6d5-bcb2585e1de2",
            "value": "54f46501fedd1817e5c33728bcd98c37",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237463",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6af4c600-ae1e-461e-b189-4647c6da2046",
            "value": "98b80be29710d1e4a86566adbc1468a5b9bcf088",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237463",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ad8b3e8b-659a-4e6d-a67c-eea8f1133c89",
            "value": "c2a2c2b26b235bad31a352e1fd475794167ec79928c52d98bccb3607e932c7b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236734",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8c8e6b1d-6517-47e6-8d5e-c08d64884da8",
            "value": "192:TKVzgqIGeucpMGmEUuMpLMG87qIOLpPHgXcGHg87qqooewLYGgLGMK8MrAV2KKWf:GzYSPOPSCJMDFWEJBfQcjH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236734",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c2c4ff7d-f2d7-459e-a912-60ecc3ac7d16",
            "value": "72436"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236734",
            "to_ids": true,
            "type": "filename",
            "uuid": "f33f1857-4f57-4812-b975-981b156fe7ad",
            "value": "Voice_Egypt_hafter_Libya.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236734",
            "to_ids": false,
            "type": "text",
            "uuid": "481b49d6-7773-4435-83b5-076629e963cc",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/AsyncRAT.AAC!AMTB\nVT Total Detection:23/61\nFirst Submission:2026-02-24T16:57:05.000000+00:00\nLast Submission:2026-02-24T16:57:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775240989",
        "uuid": "4d2f5e0c-f263-4289-b2d3-6b061ec7d632",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775240989",
            "to_ids": true,
            "type": "md5",
            "uuid": "6626ba27-27d0-4b26-b2ac-f045b742d974",
            "value": "86ad90c48cc0ef88b5b50d5a138225ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237464",
            "to_ids": true,
            "type": "sha1",
            "uuid": "49050448-c6cf-4f59-814e-d87e541fed90",
            "value": "c6edc82648435c0d19f57a24e3ba18cfabb9b332",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237465",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b96bbe23-c11f-49b6-ad02-ffe521080c56",
            "value": "c3eef096073dd0873a821c35dd2e7eaf391863264ab72e1b91f2ca73218c2d04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236755",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c26ac8c5-323b-42df-8a75-2b416b0a4ab4",
            "value": "3072:ar+jcDkQziZEWnbzubxCB5Uu9SGXwea4ZXAICDkWp32DR3e5NqtPMRmVudB4L2rk:ck"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236755",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ae295839-7ad9-4593-a9cd-79ed197f36da",
            "value": "436016"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236755",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fa863f15-f02a-4cd9-8a9c-525b01c8423e",
            "value": "5dc52704d772b125780154f04dcbc4f1"
          },
          {
            "category": "Payload delivery",
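            "comment": "Generic filename: the text attribute in this object gives the file type as Powershell, not an image. Match on the hashes in this object; a filename-only match on image.png is likely to hit unrelated benign files.",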
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236755",
            "to_ids": true,
            "type": "filename",
            "uuid": "e07e832b-0c85-41d7-b8c7-97c37d21f1a7",
            "value": "image.png"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236755",
            "to_ids": false,
            "type": "text",
            "uuid": "91554895-b2ca-4274-ac47-5caee3a66d3c",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Boxter.HHT!MTB\nVT Total Detection:25/61\nFirst Submission:2025-12-10T09:39:28.000000+00:00\nLast Submission:2025-12-10T09:39:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775241011",
        "uuid": "ac522238-4373-4db2-9d1e-826d8fe202ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775241011",
            "to_ids": true,
            "type": "md5",
            "uuid": "40dd5372-c56d-4563-970e-49c5db0b67e2",
            "value": "f7c00b228fca6ff2bd8d34d930c00fe0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237466",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8b7ca504-7e48-4f4f-8fcc-7d940e55a24f",
            "value": "8c217656b9ebffbbfb0a0441858524c4e205eaa6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237466",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0c79f1e9-14ef-46fa-9be7-ecbda2e37085",
            "value": "d884a17046bbefd73f76f88533e1f2da40d5233b15caa48245de65d2c19c50dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236799",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "87588067-413f-4161-bfb0-7b213080757a",
            "value": "3072:9yr+jcDkQziZEWnbzubxCB5Uu9FG93D4ZEkPVpMaDkWp32DRHe5NqtPMRmVudB4l:Hk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236799",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "898875e1-6d78-4201-9b0b-1b6dc83b11ee",
            "value": "437005"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236799",
            "to_ids": true,
            "type": "vhash",
            "uuid": "609be965-288e-46e3-b9f3-a2f1d25f528f",
            "value": "4419d838808a5143b52bf296d9e35b4f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236799",
            "to_ids": true,
            "type": "filename",
            "uuid": "954d1b01-9917-48fb-a5a7-1f19639dce83",
            "value": "payload_1.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  01/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236799",
            "to_ids": false,
            "type": "text",
            "uuid": "6f85fa42-9b0c-455d-ab2f-0331db41152a",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Boxter.HHT!MTB\nVT Total Detection:24/61\nFirst Submission:2026-01-28T22:44:43.000000+00:00\nLast Submission:2026-01-28T22:44:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775241033",
        "uuid": "e458b815-11d4-4d2f-9651-dec4d081c9ff",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775241033",
            "to_ids": true,
            "type": "md5",
            "uuid": "ce7049c6-7e44-4caa-9667-58758fc33dbd",
            "value": "5ebbf53acbb795573e52c704bd8c70d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237467",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d282049e-1d79-46f4-a8b2-994a7eeb81b1",
            "value": "290467b1344b29e1d8cadfc7e7d630c9bd791ce1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237467",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c5b599fa-3ba8-4646-ae19-e94afaa0b0f2",
            "value": "ece81cdc6fc12a07a984b98df58e34c92998cdd957e1f45cabd925056bb0f92e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236820",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bf152c6e-0f8f-4d22-844c-b3ad503f6b0e",
            "value": "1536:B2wuMvF1ak9gcKu5UYFQHlt+nbcrVHZB+E8p7vYGUrQTGhx:B2dMvF1ak9Ku5UYFg+nbc178pDYtGSx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236820",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "569c3686-36ff-4a46-b3ee-ab0078d6e4cc",
            "value": "67584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236820",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dc4c3e4f-323c-470c-b5e6-8429d95c7c66",
            "value": "264036555511c08c321d104e"
          },
          {
            "category": "Payload delivery",
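            "comment": "Generic file name: two file objects in this event carry the name Stub.exe with different hashes. A name-only match is weak evidence; confirm against the md5/sha1/sha256 attributes of this object before acting on it.",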
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236820",
            "to_ids": true,
            "type": "filename",
            "uuid": "ed908831-fa29-4cf1-bc14-0e3fee7bc3d0",
            "value": "Stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236820",
            "to_ids": false,
            "type": "text",
            "uuid": "77d0c490-42a3-4718-b955-181dcaeb01f4",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:59/71\nFirst Submission:2025-12-22T17:19:12.000000+00:00\nLast Submission:2025-12-23T00:27:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775241055",
        "uuid": "e4eaaadf-a87d-4646-ac65-62a69138f940",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775241055",
            "to_ids": true,
            "type": "md5",
            "uuid": "bbd91df6-80ca-4eb7-a279-16c3a866c352",
            "value": "d516147fac00e9abb88ed19f784295f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237468",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a08552b-d472-4096-aaa5-3c0f77c52880",
            "value": "4ad4d72d6b3a87161afbdfd735d1fdc96bb03422",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237469",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5717446f-d5db-4021-b7bb-880ae4bc80f2",
            "value": "f8b5a5429fb1da677ab8c09fc95b26e3b3d8bcd27521a56cc835fbf5878dbcd8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775236842",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c4970b2c-9ac4-48e5-9b77-a116835d8dd0",
            "value": "1536:omImx6tX2kNff4sKu+UYF9aQKGoa96bTkHz2BPdtGqqbGhHrQTGVx:om9x6tmkN7Ku+UYFMQKGx96bTkHEPFGo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775236842",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f620488c-81c1-4e96-8f8d-0e846fe3c8a4",
            "value": "67584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775236842",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dc16a0cc-b368-4430-95e7-d77cd1051914",
            "value": "264036555511c08c321d104e"
          },
          {
            "category": "Payload delivery",
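            "comment": "Generic file name: two file objects in this event carry the name Stub.exe with different hashes. A name-only match is weak evidence; confirm against the md5/sha1/sha256 attributes of this object before acting on it.",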
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775236842",
            "to_ids": true,
            "type": "filename",
            "uuid": "36ae208d-8ad5-4829-a62b-d8bc867701ed",
            "value": "Stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775236842",
            "to_ids": false,
            "type": "text",
            "uuid": "b1c7cbfe-ad27-432c-b2f7-8eec43668beb",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/AsyncRat.AD!MTB\nVT Total Detection:58/71\nFirst Submission:2025-11-17T10:55:12.000000+00:00\nLast Submission:2025-11-17T19:14:56.000000+00:00"
          }
        ]
      }
    ]
  }
}