{
  "Event": {
    "analysis": "1",
    "date": "2026-05-05",
    "extends_uuid": "",
    "info": "[Threat Intel] UAT-8302 and its box full of malware",
    "protected": false,
    "publish_timestamp": "1779546542",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779546542",
    "uuid": "8fc2d3cc-7ec3-45b7-84f8-38e23b894b54",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#7c6ad9",
        "local": false,
        "name": "misp-galaxy:producer=\"Cisco Talos Intelligence Group\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#f28fb8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"",
        "relationship_type": ""
      },
      {
        "colour": "#aff0ae",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Permission Groups Discovery - T1069\"",
        "relationship_type": ""
      },
      {
        "colour": "#110e53",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Local Account - T1087.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#adf1b0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#b596f0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Lateral Tool Transfer - T1570\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#3970d7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"SNAPPYBEE\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"DracuLoader\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"SNOWLIGHT\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Earth Estries\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"LongNosedGoblin\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"REF7707\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"UNC5174\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Vshell\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"STOWAWAY\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"005 - South America\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"035 - South-eastern Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdcb58",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"039 - Southern Europe\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778036420",
        "to_ids": false,
        "type": "link",
        "uuid": "e8c80894-a9c7-42e6-98ee-ce17f4421e7d",
        "value": "https://blog.talosintelligence.com/uat-8302/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778036420",
        "to_ids": false,
        "type": "text",
        "uuid": "8947da05-9a59-4d0a-82d3-4f63fe9e7f3d",
        "value": "UAT-8302 is a sophisticated China-nexus advanced persistent threat group targeting government entities in South America since late 2024 and southeastern Europe in 2025. The actor deploys multiple custom-made malware families including NetDraft, a .NET-based backdoor variant of FinalDraft/SquidDoor, and CloudSorcerer version 3. Post-compromise activities involve extensive reconnaissance, credential extraction, information collection from Active Directory, and network proliferation using tools like Impacket. The group establishes persistence through scheduled tasks and deploys additional malware including VSHELL, SNAPPYBEE/DeedRAT, and ZingDoor. UAT-8302 demonstrates connections to several China-nexus threat clusters through shared tooling, including Draculoader and SNOWLIGHT stager. The actor uses legitimate services like MS Graph and OneDrive for command-and-control infrastructure and establishes backdoor access through proxy servers using tools written in Simplified Chinese."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778036420",
        "to_ids": false,
        "type": "text",
        "uuid": "10575eb4-608f-4146-b83d-33adefe97566",
        "value": "Name: UAT-8302 and its box full of malware\nAuthor: AlienVault\nAdversary: UAT-8302\nTags: [\"fringeporch\", \"netdraft\", \"draculoader\", \"snowrust\", \"snowlight\", \"zingdoor\", \"finaldraft\", \"nosydoor\", \"vshell\", \"deedrat\", \"cloudsorcerer\", \"squiddoor\", \"snappybee\"]\nTgtd countries: [\"Japan\", \"Russian Federation\"]\nMlwr families: [\"NetDraft\", \"FringePorch\", \"CloudSorcerer\", \"VSHELL\", \"SNOWLIGHT\", \"SNOWRUST\", \"DeedRAT\", \"SNAPPYBEE\", \"ZingDoor\", \"Draculoader\", \"FinalDraft\", \"SquidDoor\", \"NosyDoor\"]\nAttack_ids: [\"T1053.005\", \"T1003\", \"T1069\", \"T1071.004\", \"T1087.002\", \"T1087.001\", \"T1135\", \"T1190\", \"T1055\", \"T1090\", \"T1482\", \"T1083\", \"T1059.001\", \"T1078\", \"T1027\", \"T1570\", \"T1071.001\", \"T1018\", \"T1574.002\", \"T1105\"]\nIndustries: [\"Government\", \"Telecommunications\", \"Technology\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778879925",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "75b133d6-4137-4f41-b9c2-b6147b223a1f",
        "value": "UAT-8302",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:threat-actor=\"Earth Estries\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897751",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1317721f-d94e-44d7-9c36-fe39c56f2dad",
        "value": "103.27.108.55",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778036420",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "7b5e4b47-564f-414d-9649-b290435d40c6",
        "value": "CVE-2025-0994"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897773",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c3041d38-7fc6-4263-b614-cd1a40afbece",
        "value": "156.238.224.82",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897794",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "afd7bd70-99d6-4dc1-8f09-bb4099ded769",
        "value": "45.140.168.62",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778036420",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "d8149a3f-e557-4e8a-a198-1737ceb4deb4",
        "value": "CVE-2025-20333"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778036420",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "bef76dcb-e1e9-42d4-88f7-a992e80c66eb",
        "value": "CVE-2025-20362"
      },
      {
        "category": "Payload delivery",
        "comment": "ZingDoor No sample in VT\r\nLast check:16/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546533",
        "to_ids": true,
        "type": "sha256",
        "uuid": "fb470855-19ca-4e02-a6f9-466b1df977da",
        "value": "071e662fc5bc0e54bcfd49493467062570d0307dc46f0fb51a68239d281427c6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897815",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a907e99e-2f7e-44b0-aa9d-b7706a50e87c",
        "value": "185.238.189.41",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897836",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "109cbe67-23f2-4234-be7e-4bcfbf2604f9",
        "value": "38.54.32.244",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "NetDraft, FringePorch No sample in VT\r\nLast check:16/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546535",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9968410f-f136-48e1-b872-0c2aae65b55c",
        "value": "1139b39d3cc151ddd3d574617cf113608127850197e9695fef0b6d78df82d6ca",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "NetDraft, FringePorch No sample in VT\r\nLast check:16/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546537",
        "to_ids": true,
        "type": "sha256",
        "uuid": "7bba3301-05c3-4696-a0f9-10aaeef4ad53",
        "value": "51f0cf80a56f322892eed3b9f5ecae45f1431323600edbaea5cd1f28b437f6f2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SharpGetUserLogin No sample in VT\r\nLast check:16/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546539",
        "to_ids": true,
        "type": "sha256",
        "uuid": "68c2c804-478e-4e93-999a-5424f365f628",
        "value": "9f115e9b32111e4dc29343a2671ab10a2b38448657b24107766dc14ce528fceb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SharpGetUserLogin No sample in VT\r\nLast check:16/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546540",
        "to_ids": true,
        "type": "sha256",
        "uuid": "15884395-4129-43af-9f3c-912d124ca99e",
        "value": "b19bfca2fc3fdabf0d0551c2e66be895e49f92aedac56654b1b0f51ec66e7404",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "NetDraft, FringePorch No sample in VT\r\nLast check:16/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546542",
        "to_ids": true,
        "type": "sha256",
        "uuid": "75baba8d-f835-45f5-a803-777c7eed5a7f",
        "value": "ee56c49f42522637f401d15ac2a2b6f3423bfb2d5d37d071f0172ce9dc688d4b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897857",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a35f985a-173e-49c5-b708-eea283439fa2",
        "value": "45.135.135.100",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897878",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "67161b9e-0e39-4c67-bb31-b68b857f4c8d",
        "value": "85.209.156.3",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897899",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "10ab0e4d-dc34-4734-993d-aae8a512327e",
        "value": "88.151.195.133",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897920",
        "to_ids": true,
        "type": "url",
        "uuid": "43763fd3-1d65-4c3c-ae13-82ce65e39c43",
        "value": "http://msiidentity.com/pw",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897942",
        "to_ids": true,
        "type": "url",
        "uuid": "0c14c468-7094-4416-bfb1-a1de855dc7d0",
        "value": "http://trafficmanagerupdate.com/index.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897963",
        "to_ids": true,
        "type": "url",
        "uuid": "52be376b-06c3-4fd2-b8da-8198532f2d28",
        "value": "http://www.drivelivelime.com/pw",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778897984",
        "to_ids": true,
        "type": "url",
        "uuid": "b2a3cd74-6c05-4ef4-b779-d01ee3b3df9a",
        "value": "http://www.drivelivelime.com/x",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898005",
        "to_ids": true,
        "type": "domain",
        "uuid": "b4dbd739-8181-4501-905c-727ddfcd8cf5",
        "value": "msiidentity.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898026",
        "to_ids": true,
        "type": "domain",
        "uuid": "d5cabf2d-2f32-4b7a-9ae3-b1aad7a1b8d9",
        "value": "trafficmanagerupdate.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898047",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f669435a-2667-4edf-9a33-adfc10bec8ff",
        "value": "www.drivelivelime.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778707837",
        "to_ids": false,
        "type": "malware-type",
        "uuid": "a599906b-86c7-4ce8-bd89-4fa40fd05668",
        "value": "NetDraft",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:threat-actor=\"LongNosedGoblin\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:threat-actor=\"REF7707\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778707882",
        "to_ids": false,
        "type": "malware-type",
        "uuid": "a8dd95d4-6a67-4d71-8ec7-9a05bdb8d675",
        "value": "CloudSorcerer backdoor",
        "Tag": [
          {
            "colour": "#15cd0b",
            "local": false,
            "name": "misp-galaxy:target-information=\"Russia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898068",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3b05d2a7-f6bf-4d04-91c8-b5b22d5e3218",
        "value": "image.update-kaspersky.workers.dev",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898089",
        "to_ids": true,
        "type": "hostname",
        "uuid": "618cd96f-c030-40fd-a4f8-17e1637b7054",
        "value": "update-kaspersky.workers.dev",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 56456",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778708041",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "90fa34c1-d9e4-4aca-ad0c-f2f5a98bc887",
        "value": "85.209.156.3|56456"
      },
      {
        "category": "Network activity",
        "comment": "On port 46389",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778708041",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "b404baa5-c3ff-4b1f-8259-79a3eb817698",
        "value": "85.209.156.3|46389"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898110",
        "to_ids": true,
        "type": "url",
        "uuid": "6aa45e32-f390-4795-b7dd-c7cc7c22920b",
        "value": "https://www.drivelivelime.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898132",
        "to_ids": true,
        "type": "url",
        "uuid": "d236608b-f0c6-43f8-83d0-d13036645c5e",
        "value": "https://www.drivelivelime.com/x",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898154",
        "to_ids": true,
        "type": "url",
        "uuid": "d88c5ce8-c65c-439d-8e45-5c3f52bc2da7",
        "value": "https://www.drivelivelime.com/pw",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898174",
        "to_ids": true,
        "type": "url",
        "uuid": "250777c8-5d02-45f9-91da-cbaf73f250af",
        "value": "https://msiidentity.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898195",
        "to_ids": true,
        "type": "url",
        "uuid": "ec93bc2d-f274-45ab-a395-1ea926aa4dd0",
        "value": "https://msiidentity.com/pw",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898217",
        "to_ids": true,
        "type": "url",
        "uuid": "598faaff-f91a-4a16-9c15-3b1c3b0532d5",
        "value": "http://85.209.156.3:8080/wagent.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898238",
        "to_ids": true,
        "type": "url",
        "uuid": "eb0aa3c3-e494-4fb0-a55a-1ed407043d60",
        "value": "http://85.209.156.3:8082/wagent.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 8080 (the port is not part of the URL value in this attribute)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898259",
        "to_ids": true,
        "type": "url",
        "uuid": "13ea4322-0962-47eb-97af-e32364d4e934",
        "value": "http://185.238.189.41",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898280",
        "to_ids": true,
        "type": "url",
        "uuid": "936d7e56-bd7c-4283-8f55-2c1c2da96c2e",
        "value": "http://103.27.108.55:48265/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778898301",
        "to_ids": true,
        "type": "url",
        "uuid": "32af3e60-ff2b-4bcf-95ad-131266bc5ada",
        "value": "http://38.54.32.244/Rar.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
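        "comment": "PortQry: 0/71 VT detections, first submitted 2008 (see the text attribute); appears to be the stock port-query utility, so a hash or filename match alone is weak evidence",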
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546497",
        "uuid": "7f33952f-f8e2-4423-8769-e5e4e74f592f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "PortQry",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546496",
            "to_ids": true,
            "type": "md5",
            "uuid": "110057a3-dc5c-45d6-a378-963f745c5dc6",
            "value": "c6ac67f4076ca431acc575912c194245",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "PortQry",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546497",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b92b476f-34de-43af-ac42-b6b13c33e8d4",
            "value": "6bc8bc559c80218055dcd58cc9376ea7d10babde",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "PortQry",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546497",
            "to_ids": true,
            "type": "sha256",
            "uuid": "686c2be1-f652-4911-a350-f98cb212a4f1",
            "value": "fb6cebadd49d202c8c7b5cdd641bd16aac8258429e8face365a94bd32e253b00",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896091",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "512ad566-4d33-4bdf-95d2-adee6c718b45",
            "value": "3072:KA9ywoCP0BjhEzhNfAtaAkpP3rClce6v08kylrcWUd6t7P17:KwowehEzTYkpfGgkylrc6t7P17"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896091",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5fc3db11-9216-41a7-b7fe-eb5f8dbb5b6e",
            "value": "143360"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896091",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f69cc40f-0cfe-4c7f-a38f-69e0a7333939",
            "value": "015036655d1038z3f1z17z3097z14z137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896091",
            "to_ids": true,
            "type": "filename",
            "uuid": "3b06df64-4ea0-4dd7-86c7-c1198c40a235",
            "value": "PortQry.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896091",
            "to_ids": false,
            "type": "text",
            "uuid": "59f057f0-2668-4af7-b166-4d8fd4367344",
            "value": "PortQry\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2008-11-18T11:40:42.000000+00:00\nLast Submission:2026-05-15T10:20:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546500",
        "uuid": "864a8f61-f7fc-4840-a758-648522cdf575",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Draculoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546499",
            "to_ids": true,
            "type": "md5",
            "uuid": "2bd8a513-a0e7-4988-985e-6e69ec2dd101",
            "value": "4c71357de3c0b12094693ca6eff94cad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Draculoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546499",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0ba62ff3-80f6-4709-b977-4fdaa0c9b719",
            "value": "c46bac27b5ca151afabd22c5546f78ae2ae3a20d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Draculoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546500",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c9d9e247-0515-4df9-bc73-b1bbc7ee00c1",
            "value": "843f8aea7842126e906cadbad8d81fa456c184fb5372c6946978a4fe115edb1c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896134",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9d374b33-1e0d-4854-a3c8-5012b863953e",
            "value": "1536:Z2qgtsJIoq8dUhEHAF99RfiYZ6sWEcdFUgwjsei:Z2qXJI8dUhEHyfiYIFUg6sei"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896134",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "782f42a1-1890-410a-8d96-477f0cbffccf",
            "value": "73216"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896134",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1bda6b6f-915b-4e91-a792-de7c058d2fbf",
            "value": "174056655d15156az4!z1"
          },
          {
            "category": "Payload delivery",
            "comment": "Same name as the Windows system library; only meaningful together with the hashes in this object",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896134",
            "to_ids": true,
            "type": "filename",
            "uuid": "e24584f7-ead4-41db-a125-926d560a776f",
            "value": "ntdll.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896134",
            "to_ids": false,
            "type": "text",
            "uuid": "e8b0bb9e-adaf-456e-b8ff-5bf5e3a9e63b",
            "value": "Draculoader\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2025-10-13T03:40:01.000000+00:00\nLast Submission:2025-11-26T11:24:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546502",
        "uuid": "57d781a6-2e2b-48d7-9e94-84557c754b6a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "VSHELL",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546501",
            "to_ids": true,
            "type": "md5",
            "uuid": "c4445af6-1a60-4d2d-9324-e866e7a3f8ad",
            "value": "b0467b78bf67cf703b1ce2ad38d3664c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VSHELL",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546502",
            "to_ids": true,
            "type": "sha1",
            "uuid": "90f5a58f-dc21-4b2b-9862-dd5f267b572e",
            "value": "45550a47bca6dac8347d3c770d52eb780d614908",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VSHELL",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546502",
            "to_ids": true,
            "type": "sha256",
            "uuid": "edf5273a-5347-482f-961b-49e8aef405a3",
            "value": "199bd156c81b2ef4fb259467a20eacaa9d861eeb2002f1570727c2f9ff1d5dab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896177",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6c29ae5b-2c7f-48ee-8116-ff83c72f7658",
            "value": "98304:kXLqobr/JEsGe7ddo01sJ0EgXieFnNKKl9U:kbqoX1l7ddo01Q0EY9nfl9U"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896177",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ff231414-4ffa-42ef-aa8f-49cca31bb1d9",
            "value": "5158400"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  14/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896177",
            "to_ids": false,
            "type": "text",
            "uuid": "6d5fb8f6-9242-40a0-9a02-ee97eafc03e7",
            "value": "VSHELL\r\nType Description: unknown\nMicrosoft: Trojan:Win32/ShellCodeRunner!MSR\nVT Total Detection:28/61\nFirst Submission:2025-11-14T16:08:30.000000+00:00\nLast Submission:2026-05-11T20:48:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546505",
        "uuid": "4f4e5541-dd4f-4835-af67-f3303d732bd1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "QScan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546504",
            "to_ids": true,
            "type": "md5",
            "uuid": "c3faea43-2005-47de-ae80-f4d48a15f874",
            "value": "97f04361758d4242428f9e6801a02583",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "QScan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546504",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ca43c401-6f7a-4371-b23c-a05e461a0081",
            "value": "75c88fd77024dce3931911d6630fccf93460ea9f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "QScan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546505",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6c12e8b6-f2b3-40f0-ab5a-7678eb97c803",
            "value": "1bb59491f7289b94ab0130d7065d74d2459a802a7550ebf8cd0828f0a09c4d38",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896199",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a965b980-4c00-460d-8f20-30bce9a1ccb7",
            "value": "196608:PraYZZbB3qbNsfBhlJWix2Li1MyHpX+JB:Pra6bBgNOl0iZmm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896199",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6c6ba07e-ef10-4739-aa17-f434a34301ae",
            "value": "8872448"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896199",
            "to_ids": true,
            "type": "vhash",
            "uuid": "17e518ac-6cf6-4c41-8a47-922e158573f9",
            "value": "08603e0f7d1bz4!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896199",
            "to_ids": true,
            "type": "filename",
            "uuid": "51153382-4014-4144-aeed-b6951a9ae9ec",
            "value": "qscan.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  14/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896199",
            "to_ids": false,
            "type": "text",
            "uuid": "2580c109-f7d5-4da6-ba77-fc4bf22442a8",
            "value": "QScan\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/LonNosGob.DA!MTB\nVT Total Detection:44/71\nFirst Submission:2025-04-28T09:44:59.000000+00:00\nLast Submission:2025-11-04T08:29:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546507",
        "uuid": "285712be-a2ef-4cee-bec0-2725effae1f9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Gogo",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546507",
            "to_ids": true,
            "type": "md5",
            "uuid": "a084e664-e8b7-4bfb-9c4a-a1ea7aef7254",
            "value": "fc9c1ba5f1a804b93558b7213adc24bd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Gogo",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546507",
            "to_ids": true,
            "type": "sha1",
            "uuid": "48c2f8df-4eee-4037-8d25-d6d2e430bb00",
            "value": "6bf0b85ac5bd117595cb38697e3e8da9e8f1eef2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Gogo",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546507",
            "to_ids": true,
            "type": "sha256",
            "uuid": "940a9069-e13c-4ce4-8652-0d3afd2eb821",
            "value": "2b627f6afe1364a7d0d832ccba87ef33a8a39f30a70a5f395e2a3cb0e2161cb3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896220",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8fd5f70a-325c-4bd0-9077-c88bda22d34e",
            "value": "49152:uKUXd+uWbPrb/TovO90dL3BmAFd4A64nsfJmcxWtgGgolfIpypE4f9G/PXBMeE9T:uHgTWeyDAu05EJJh9RVATsm5AzaFoxa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896220",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "67ae87b7-20e4-4bd1-b5e6-daec83774633",
            "value": "8404480"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896220",
            "to_ids": true,
            "type": "vhash",
            "uuid": "65538b3f-84eb-45de-bb93-204f4055bbc3",
            "value": "0860d6655d55557575157az27!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896220",
            "to_ids": true,
            "type": "filename",
            "uuid": "52c2e035-93b5-4bf9-8637-db69c2ac90d0",
            "value": "0emap2a.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896220",
            "to_ids": false,
            "type": "text",
            "uuid": "6c598e4c-83e8-4072-8e8c-36ef2d430889",
            "value": "Gogo\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/LonNosGob.DA!MTB\nVT Total Detection:31/71\nFirst Submission:2025-12-11T12:55:15.000000+00:00\nLast Submission:2025-12-11T12:55:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546510",
        "uuid": "4c8d3d51-924c-43a8-9641-a1e851b49423",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dddd",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546509",
            "to_ids": true,
            "type": "md5",
            "uuid": "bb04ad48-13b7-4bcb-9ba6-9b2aeaed6801",
            "value": "3d00e34594dbaba266f301ca37246e06",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dddd",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546509",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5787d79d-78c2-4978-b424-5a5365a711b9",
            "value": "a1c3520282c81afabdefa4834b96563edf95c3c7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dddd",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546510",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0cd0b51f-d08e-4023-b6f0-9dab7be93ffa",
            "value": "343105919aa6df8a75ecb8b06b74f23a7d3e221fca56c67b728c50ea141314bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896242",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c3c1b9a8-d09c-429f-b448-f864186fdf29",
            "value": "786432:Jylzyzl3N9SD0iG1vZAOlvxiWRV2dzCx09ov:Joy1N9IG1jlxV2dzCS9ov"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896242",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0da42e5e-0f25-4001-9eed-7cb569218538",
            "value": "29189632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896242",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8d0c71a5-b47a-4f39-bae4-38615d712314",
            "value": "02703e0f7d1bz4!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896242",
            "to_ids": true,
            "type": "filename",
            "uuid": "78739def-6a4c-4e2c-9f5e-bfbc98a1def7",
            "value": "dddd64.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896242",
            "to_ids": false,
            "type": "text",
            "uuid": "46127905-2b11-490f-9799-b685573d335c",
            "value": "Dddd\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/LonNosGob.DA!MTB\nVT Total Detection:39/71\nFirst Submission:2024-06-11T03:05:17.000000+00:00\nLast Submission:2026-04-24T11:14:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546512",
        "uuid": "d8245f0f-ef46-4272-8992-cd9867989afc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "VSHELL",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546512",
            "to_ids": true,
            "type": "md5",
            "uuid": "41e17303-d7b7-41f8-8084-c7a3a9d88892",
            "value": "23b7908c6bde98456e653c1d0b2e6962",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VSHELL",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546512",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1dbbf4af-f2c6-43c0-8c82-5d69ab463d67",
            "value": "0481e87d4d0cb3ba9d5c53c726c9c37bd802114c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VSHELL",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546512",
            "to_ids": true,
            "type": "sha256",
            "uuid": "af990e92-8686-4bd1-bccf-ffabefc0a0d6",
            "value": "35b2a5260b21ddb145486771ec2b1e4dc1f5b7f2275309e139e4abc1da0c614b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896264",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "01d24be6-5c2a-4e1e-9645-cb11dc155a84",
            "value": "192:He1z4tZIo7xPB3uBr79Van35Fk4oBgPUP5IHQQYRjzZC0YJZvzqOScnTR:He54tPtIBrpKXoLhIwv3ZC0YKeTR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896264",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "89549d17-cf19-442e-9780-69e556f8f5ff",
            "value": "19968"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896264",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8e382424-99e6-4a1d-b2d6-e81edb1c5862",
            "value": "114056551d15151az1anz1dz11"
          },
          {
            "category": "Payload delivery",
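            "comment": "File name is identical to the legitimate Windows library wininet.dll; match on the hashes in this object (VSHELL sample), not on the file name alone.",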
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896264",
            "to_ids": true,
            "type": "filename",
            "uuid": "9798f863-de28-49ae-baa9-f159b6711b57",
            "value": "WININET.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896264",
            "to_ids": false,
            "type": "text",
            "uuid": "bdf45f14-195a-4544-8b7b-0c6d25687b6a",
            "value": "VSHELL\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/AmberShoal.A\nVT Total Detection:45/71\nFirst Submission:2026-01-06T18:17:55.000000+00:00\nLast Submission:2026-01-06T18:17:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546515",
        "uuid": "67d32ed7-88cb-41b0-b3a8-2c1d8ecc42b1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SoftEther VPN",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546514",
            "to_ids": true,
            "type": "md5",
            "uuid": "617c8d00-015a-4f64-b635-5dd627141c89",
            "value": "efc71bd23572eec985a6d1bbf61308fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SoftEther VPN",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546515",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7d338c43-2b34-46cc-aab6-bd9fa9918a76",
            "value": "7b6e094d98eb3f695e5856db4d8d22e11898cec9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SoftEther VPN",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546515",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7e5222e2-2b37-4a06-8c1f-66d29b45fe0f",
            "value": "3dec6703b2cbc6157eb67e80061d27f9190c8301c9dd60eb0be1e8b096482d7e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896285",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "077b92a0-e864-4b95-a3c5-fbef8085d8ad",
            "value": "98304:G5S+VIZTVeMflmE+F+lEC7f7pkm/TjL8Jh:GIOSlmE+FiEM7pl/X4Jh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896285",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "28d6b905-677e-43bd-b552-3fd6221dfc5e",
            "value": "7069440"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896285",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a19c59e5-0dbb-44d3-9084-4133bca10b1c",
            "value": "076066655d55656551z8041zd00ba1z13z5025zd01011z51z2227z"
          },
          {
            "category": "Payload delivery",
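            "comment": "Labelled SoftEther VPN in this object, with 5/71 VT detections and no Microsoft verdict (see the text attribute); a name-only match is low confidence and should be correlated with other indicators from this event.",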
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896285",
            "to_ids": true,
            "type": "filename",
            "uuid": "6b38ab3c-e286-4be3-a9c9-b8f05d719ca3",
            "value": "vpnserver_x64.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896285",
            "to_ids": false,
            "type": "text",
            "uuid": "e461f163-98e9-46a3-8e86-fed9cea1e320",
            "value": "SoftEther VPN\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:5/71\nFirst Submission:2025-04-16T06:07:59.000000+00:00\nLast Submission:2026-04-28T07:11:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546518",
        "uuid": "becd317f-bfec-49b0-8fdf-d6bd702ba76e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Httpx",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546517",
            "to_ids": true,
            "type": "md5",
            "uuid": "953988f4-9ff5-4fca-9eec-9582b14e7561",
            "value": "44124ec5e23044afc16eafa9e50e4589",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Httpx",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546517",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8c6a2bc7-80d5-4f5e-b010-b2c1c5ab3907",
            "value": "f5be4f25212b0f437c080aaff883dcc527074928",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Httpx",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546518",
            "to_ids": true,
            "type": "sha256",
            "uuid": "df6f900b-93d2-4b1d-a9d0-7fe1f7c268eb",
            "value": "4109f15056414f25140c7027092953264944664480dd53f086acb8e07d9fccab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896307",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7cb88dc1-daf7-4e8a-bf11-9d7a0d4c039e",
            "value": "393216:IMkJTRHKmjOEib3og+H5hifpq/cbmo3TTkLX0kyJB/Rn:WVRHTaEiGZhapkZojiyzpn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896307",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "667cae3b-27f1-4b83-ac48-14e5f4fdea56",
            "value": "15092329"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896307",
            "to_ids": true,
            "type": "vhash",
            "uuid": "518966cd-a77f-43a3-8874-af8aa2cf131c",
            "value": "d407b1661f6de2602a751e72d1469378"
          },
          {
            "category": "Payload delivery",
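            "comment": "Filename appears to follow the naming of a public httpx release archive, and this object records 0/68 VT detections; a match on the name alone is likely to include legitimate copies, so corroborate with other indicators in this event.",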
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896307",
            "to_ids": true,
            "type": "filename",
            "uuid": "12a5227a-0ed2-4617-b2cb-6d4aebfc5440",
            "value": "httpx_1.7.1_windows_amd64.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896307",
            "to_ids": false,
            "type": "text",
            "uuid": "40ca628c-3495-4596-ab68-43273739b984",
            "value": "Httpx\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:0/68\nFirst Submission:2025-07-26T08:55:33.000000+00:00\nLast Submission:2025-10-08T14:54:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546520",
        "uuid": "5d937f5c-72cd-4304-b505-f9b8f174ee0a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Naabu",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546519",
            "to_ids": true,
            "type": "md5",
            "uuid": "6bf8ab1e-aabc-4c98-bf1c-10894b29f2f3",
            "value": "99911fce9e0d697c99421b81e8fe2a04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Naabu",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546520",
            "to_ids": true,
            "type": "sha1",
            "uuid": "81153778-5b1b-4824-8f38-79fdb25d6907",
            "value": "f1551d3e5d144eef4e70a29dd3dc52fb22459d1f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Naabu",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546520",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6b568240-2adb-49ff-9717-0feaf36cce30",
            "value": "45cd169bf9cd7298d972425ad0d4e98512f29de4560a155101ab7427e4f4123f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896329",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2816da8a-162d-4166-bb9c-dfe89b5530d0",
            "value": "196608:Ff/ZzhEhN9yulYzBQxJBwhJrMBErVf9IWOGkF:FpzhWN9yuSzimhJrMBExHk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896329",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5e4a7d9a-5b1d-4e9c-b1b6-ae2eb531baf7",
            "value": "30667776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896329",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bf2ab39d-9180-4f18-a2ff-acbacf22f8c2",
            "value": "037086655d15551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896329",
            "to_ids": true,
            "type": "filename",
            "uuid": "215a0847-bf45-4ed9-b4a3-98289c46cb91",
            "value": "naabu.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896329",
            "to_ids": false,
            "type": "text",
            "uuid": "4ad0ba73-7359-462c-b7a2-11ff2c343a65",
            "value": "Naabu\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/LonNosGob.DA!MTB\nVT Total Detection:32/71\nFirst Submission:2025-07-30T04:01:42.000000+00:00\nLast Submission:2025-09-26T21:15:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546523",
        "uuid": "06e9cf9d-df60-432b-84d9-cc637c43cdc6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stowaway",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546522",
            "to_ids": true,
            "type": "md5",
            "uuid": "8fef48d6-dd7c-44b3-b2ee-a9ecca7f3dce",
            "value": "f694401d8e80bb0f672b1b30fd7b153a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stowaway",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546523",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6255d748-6856-4d4b-a0cf-b3b4d19d07de",
            "value": "3ddd90b99ee7ac3ec39e1d22b67c257d273a0970",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stowaway",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546523",
            "to_ids": true,
            "type": "sha256",
            "uuid": "db7215b1-4ea2-4e91-ad9b-09936f0fea5e",
            "value": "7c593ca40725765a0747cc3100b43a29b88ad1708ef77e915ab02686c0153001",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896372",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6f2fe917-78b4-42c3-8491-24e33d707146",
            "value": "49152:nMIBv8Te0kufBjwujayPT0e7uGHxACEGeEV+6kEpiqIfWJycBNErhg2lThypWV/7:MIJ860nBjwujayQeX9yEofB+96rhgpWR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896372",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cb5f88e3-f35d-43b5-b6d2-60e471f4e036",
            "value": "2278912"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896372",
            "to_ids": true,
            "type": "vhash",
            "uuid": "64c3f69a-7a87-4c8f-b235-087caa6098ba",
            "value": "02603e0f7d1bz4!z"
          },
          {
            "category": "Payload delivery",
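            "comment": "Filename is this object's SHA-256 plus .exe, likely a sample-repository name rather than the on-disk name; prefer the hash attributes for matching.",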
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896372",
            "to_ids": true,
            "type": "filename",
            "uuid": "87b877b9-1ae5-446e-99da-a33f7ae0bf1b",
            "value": "7c593ca40725765a0747cc3100b43a29b88ad1708ef77e915ab02686c0153001.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896372",
            "to_ids": false,
            "type": "text",
            "uuid": "6879a276-43bf-49cf-a204-09def50bf8e9",
            "value": "Stowaway\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/LonNosGob.DA!MTB\nVT Total Detection:45/71\nFirst Submission:2024-08-20T02:07:42.000000+00:00\nLast Submission:2026-05-06T10:20:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546526",
        "uuid": "b4dae42f-dc13-4560-aa31-986890e39a27",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "anyproxy",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546525",
            "to_ids": true,
            "type": "md5",
            "uuid": "f08488db-2641-4d66-9f65-1ddad83ec217",
            "value": "111e8abb4b8592172d597926f47f018c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "anyproxy",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546525",
            "to_ids": true,
            "type": "sha1",
            "uuid": "be53b875-0cb1-4005-9d32-fa2562d5fa54",
            "value": "738d4398e7d11427051093ba8a6f37e51470795c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "anyproxy",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546526",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d4614743-45b7-4d7e-b642-7edc4dc8fca9",
            "value": "7d9c70fc36143eb33583c30430dcb40cf9d306067594cc30ffd113063acd6292",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896393",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ac885d1e-0b65-4137-9f5d-0a95c37de2e9",
            "value": "49152:5PLi7njNrb/TivO90dL3BmAFd4A64nsfJ9zqgnA5NjSR4EUeR8+aFueQTlk8rm9S:SjTnjR4eRw9uXFEzV5a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896393",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f55132d6-bdc2-4964-abde-4a8c136eb243",
            "value": "6717440"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896393",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d19429e8-a511-43ff-a490-2bfa0a444065",
            "value": "066066655d5d15541az29!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896393",
            "to_ids": true,
            "type": "filename",
            "uuid": "80b7a0d9-92bb-4abc-b01f-9df189c6b804",
            "value": "spooler.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896393",
            "to_ids": false,
            "type": "text",
            "uuid": "649996e7-ed6e-49b3-a992-e91eaa53ff55",
            "value": "anyproxy\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/LonNosGob.DA!MTB\nVT Total Detection:32/71\nFirst Submission:2026-02-02T10:00:41.000000+00:00\nLast Submission:2026-03-23T09:07:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546529",
        "uuid": "ad479ce8-bca2-448a-a6b1-8c172872ae40",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Gogo",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546528",
            "to_ids": true,
            "type": "md5",
            "uuid": "66ff19e5-3844-477b-b083-40a775c5c173",
            "value": "76f4a223ba57db108fd7ede89bd61301",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Gogo",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546528",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bd681ddd-5948-42b5-8568-badada7786dd",
            "value": "495aafc32f8f3eddd3da6a48ef5694330473a79e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Gogo",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546529",
            "to_ids": true,
            "type": "sha256",
            "uuid": "28ba6059-c0c0-4ec3-9946-059aa9682f10",
            "value": "e74098b17d5d95e0014cf9c7f41f2a4e4be8baefc2b0eb42d39ae05a95b08ea5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896457",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "71c30cb1-c366-4feb-a57a-4b5f7069b95a",
            "value": "49152:HqOgBE09zoXD3YO5gnv9jL2YazkRc41GWwtZ8+m0J2/RB8cRHlVQa1wn3ntR:H+By3L5gtGs1GWCZDmc2ZVlVJ1g9R"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896457",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ca4c876f-42f4-4f8c-93ef-90c09683b738",
            "value": "3341824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896457",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6b37ec3b-6de8-4625-8a11-8062a6e92b9d",
            "value": "03603e0f7d1bz4!z"
          },
          {
            "category": "Payload delivery",
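            "comment": "Filename is this object's SHA-256 plus .exe, likely a sample-repository name rather than the on-disk name; prefer the hash attributes for matching.",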
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896457",
            "to_ids": true,
            "type": "filename",
            "uuid": "f966e3b0-8f83-4577-ad35-c655fecffd7e",
            "value": "e74098b17d5d95e0014cf9c7f41f2a4e4be8baefc2b0eb42d39ae05a95b08ea5.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896457",
            "to_ids": false,
            "type": "text",
            "uuid": "45aa686d-136a-4b1a-9682-9c78db5dd9f9",
            "value": "Gogo\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/LonNosGob.DA!MTB\nVT Total Detection:49/71\nFirst Submission:2025-07-08T08:55:53.000000+00:00\nLast Submission:2026-05-06T08:14:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546531",
        "uuid": "072358a0-591b-44a5-aa86-3b18f695413a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stowaway",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546531",
            "to_ids": true,
            "type": "md5",
            "uuid": "f4b95855-2165-466e-94bb-3f1cdb57693e",
            "value": "cf1a8c083143995dc6fffaeb5d21edc8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stowaway",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546531",
            "to_ids": true,
            "type": "sha1",
            "uuid": "93ef7a07-80eb-446d-ba9c-a453556b09a6",
            "value": "5a82cdd226eea96615d3364ba9260a65f7e5e67a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stowaway",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546531",
            "to_ids": true,
            "type": "sha256",
            "uuid": "44a0c39d-f932-4eaa-a7df-c8e0cbdb6d3c",
            "value": "f859a67ceebc52f0770a222b85a5002195089ee442eac4bea761c29be994e2ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778896501",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3ef10dee-e9e2-456a-a21e-7bce92367b9f",
            "value": "49152:wkw6dDjIrb/TtvO90d7HjmAFd4A64nsfJ2jRyiOwLe1vrdSHhipOy2m1NDpx8A1J:XGUrwLe5z2mjPY9ShE0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778896501",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "555c78fc-5d52-4d38-8302-c81449c6e478",
            "value": "5570048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778896501",
            "to_ids": true,
            "type": "vhash",
            "uuid": "68a55c76-0dd0-4d13-81c5-79baba37ab20",
            "value": "056066655d5d15541az28!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778896501",
            "to_ids": true,
            "type": "filename",
            "uuid": "ba8c39d2-48fb-4c20-a741-7b64faca9cce",
            "value": "ag531.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778896501",
            "to_ids": false,
            "type": "text",
            "uuid": "1a0c72ea-1979-443f-9dcf-249f3a1943c0",
            "value": "Stowaway\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/LonNosGob.DA!MTB\nVT Total Detection:37/71\nFirst Submission:2025-12-10T08:33:11.000000+00:00\nLast Submission:2026-01-14T07:15:39.000000+00:00"
          }
        ]
      }
    ]
  }
}