{
  "Event": {
    "analysis": "1",
    "date": "2026-05-07",
    "extends_uuid": "",
    "info": "[Threat Intel] Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare",
    "protected": false,
    "publish_timestamp": "1779546821",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779546820",
    "uuid": "959e2151-f389-4d99-bea5-635a5f3fc2c8",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#57356b",
        "local": false,
        "name": "misp-galaxy:producer=\"Seqrite\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#35480f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Path Interception by PATH Environment Variable - T1574.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#4985d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#c8f8ef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ed4a7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e51c3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Create Process with Token - T1134.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#cfba47",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#f95f85",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1518.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#02475d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#8bde06",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"NTFS File Attributes - T1564.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#cb2c9b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Health\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Military\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Telecoms\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778238024",
        "to_ids": false,
        "type": "link",
        "uuid": "8d2b9698-539d-455d-8934-e822b5bc49f2",
        "value": "https://www.seqrite.com/blog/operation-grieflure-dissecting-an-apt-campaign-targeting-vietnams-military-telecom-philippine-healthcare/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778238024",
        "to_ids": false,
        "type": "text",
        "uuid": "a773bb65-ceab-4f70-8455-5f0e76654eae",
        "value": "A sophisticated spear phishing campaign dubbed Operation GriefLure targeted senior executives of Viettel Group, Vietnam's largest military-owned telecommunications provider, and St. Luke's Medical Center in the Philippines. The operation weaponized authentic legal documents from a genuine data breach dispute involving a Vietnamese citizen and Viettel, alongside fabricated whistleblower complaints targeting Philippine healthcare administrators. Attackers delivered malicious Windows LNK files within nested RAR archives, abusing native ftp.exe as a Living-off-the-Land dropper. Upon execution, the payload assembled polymorphic implants directly on disk from chunked .doc files, establishing persistence while displaying legitimate decoy PDFs. The malware enabled remote access through process injection, credential harvesting from browsers and remote access tools, screenshot capture, and file exfiltration via HTTPS C2 communication to infrastructure hosted on bulletproof Hong Kong servers."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778238024",
        "to_ids": false,
        "type": "text",
        "uuid": "53ae4d3b-2e82-4e54-84e0-89f6ca719ec8",
        "value": "Name: Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare\nAuthor: AlienVault\nAdversary: \nTags: [\"living-off-the-land\", \"spear phishing\"]\nTgtd countries: [\"Philippines\"]\nMlwr families: [\"sfsvc.exe\", \"360.dll\"]\nAttack_ids: [\"T1113\", \"T1574.007\", \"T1547\", \"T1204.002\", \"T1566.001\", \"T1082\", \"T1005\", \"T1036\", \"T1218\", \"T1555.003\", \"T1134.002\", \"T1020\", \"T1083\", \"T1552.001\", \"T1057\", \"T1041\", \"T1027\", \"T1573\", \"T1518.001\", \"T1059.003\", \"T1071.001\", \"T1574.002\", \"T1564.004\", \"T1055.001\"]\nIndustries: [\"Telecommunications\", \"Healthcare\", \"Defense\", \"Government\"]"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778947296",
        "to_ids": true,
        "type": "hostname",
        "uuid": "18fb3604-7b59-48a5-90ad-cdf6e2b01f25",
        "value": "www.whatsappcenter.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778947317",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "89606790-0312-41aa-9bf7-cb708212afe3",
        "value": "38.54.122.188",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778947338",
        "to_ids": true,
        "type": "domain",
        "uuid": "eabdb1c3-c324-49ee-bf44-8520e667d9e5",
        "value": "whatsappcenter.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546797",
        "uuid": "03de6038-69ac-4ecb-9410-1ea61f8637ff",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546796",
            "to_ids": true,
            "type": "md5",
            "uuid": "ac5dfacc-a27a-42e4-8965-8bedd97f5106",
            "value": "6c6cbed6aad96564ed87094785be07a1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546797",
            "to_ids": true,
            "type": "sha1",
            "uuid": "988a6098-f5ce-4fea-b115-af0d73744dd9",
            "value": "55d6238b01a177e25eb7d53c943f3abea64ec073",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546797",
            "to_ids": true,
            "type": "sha256",
            "uuid": "54b8447b-8268-449e-8412-e4dfb86c310f",
            "value": "bc090d75f51c293d916c40d4b21094faaec191a42d97448c92d264875bf1f17b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945101",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2df1bfd6-6654-41f8-bcf1-6f80cde616a5",
            "value": "24:83WJ7Zh+6TIGUPJ+/BZdZq4I0GjhyLxfOyHuxTmh8qrn:83oZh168IhjEtx0TGzn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945101",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cb3a5f49-c836-4ce0-836f-14d3d81b9bad",
            "value": "1971"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778945101",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a784fff3-3e33-432b-8003-bb3c6d59641a",
            "value": "a45fb2bf80ba3e4c6a8d889f2e2e85dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778945101",
            "to_ids": true,
            "type": "filename",
            "uuid": "3af1eec1-e62f-41ae-b996-4168dfd47d3a",
            "value": "Whistleblowing_Report_SLMC_Fraud_and_Misconduct_2026.pdf.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  14/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945101",
            "to_ids": false,
            "type": "text",
            "uuid": "68ddd8b1-fcd5-41ae-af8b-f4882d628677",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/WinLNK!MSR\nVT Total Detection:16/62\nFirst Submission:2026-04-23T13:15:58.000000+00:00\nLast Submission:2026-04-23T13:15:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546800",
        "uuid": "8aa2e4cf-af69-4f49-a2d8-2721d5f57481",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546799",
            "to_ids": true,
            "type": "md5",
            "uuid": "de7e6183-2ef3-4dbc-ac2c-4cb284f84fd1",
            "value": "d7a5f86664a007cc1906fc25870e8bbe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546799",
            "to_ids": true,
            "type": "sha1",
            "uuid": "adb576ee-3d42-430f-a466-e4af46bd4db9",
            "value": "843f29f832daf20186697e6960dc5ce32e67aeb5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546800",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c9b60dc1-6213-4f3b-b26d-4bc77156c140",
            "value": "197f11a7b0003aa7da58a3302cfa2a96a670de91d39ddebc7a51ac1d9404a7e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945124",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f3aeeea8-5fec-4030-ae7c-a8284eeef05f",
            "value": "24:83WJ7Zh+6TIGUPJ+/Bq/dZq4I0GjhyLxfOyHuxTmh8qW:83oZh1691IhjEtx0TG+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945124",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "21374fb7-8c69-44e3-a7b5-0b5ea7f71b30",
            "value": "1971"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778945124",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f1d99591-d491-4ac5-aa1f-b99f92adb932",
            "value": "a45fb2bf80ba3e4c6a8d889f2e2e85dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778945124",
            "to_ids": true,
            "type": "filename",
            "uuid": "911ec8df-814e-42bc-b1ca-3be4875d0bf4",
            "value": "Valid_Government_Identification_Card_of_Dela_Cruz_Juan_-_Philippine_National_ID_Front_Side.png.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945124",
            "to_ids": false,
            "type": "text",
            "uuid": "d50072e4-8f9c-4138-9da7-b695207be8c7",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/WinLNK!MSR\nVT Total Detection:20/62\nFirst Submission:2026-03-03T07:55:15.000000+00:00\nLast Submission:2026-03-03T08:03:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546802",
        "uuid": "e5451a6a-7545-4b6b-9da4-3ef299b14871",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546802",
            "to_ids": true,
            "type": "md5",
            "uuid": "23231144-8c0f-437b-abe7-bd42b17c1502",
            "value": "8544163ef51a0a9ee354649851899e53",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546802",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8a99eb4b-d894-497f-8fd4-dae15ca82d6f",
            "value": "d40bd21b606f22d07f2e6a932461a45a448247be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546802",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5aa7edc6-db75-4e81-8012-f4fc99c65a4a",
            "value": "35af2cf5494181920b8624c7b719d39590e2a5ff5eaa1a2fa1ba86b2b5aa9b43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945146",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e70f94cb-44b5-4edd-8a60-b2b1ffef231d",
            "value": "24:83WJ7Zh+6TIGUPJ+/BZdZq4I0GjhyLxfOyHuxTmh8qJ:83oZh168IhjEtx0TGx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945146",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ec8c4f61-4ea5-4646-a47e-d50c265b97e3",
            "value": "1971"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778945146",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8a43b1e3-1cb7-43f9-9c32-678423402c41",
            "value": "a45fb2bf80ba3e4c6a8d889f2e2e85dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778945146",
            "to_ids": true,
            "type": "filename",
            "uuid": "1794228f-9a06-4247-a3c9-552010c5c587",
            "value": "1. H\u1ed2 S\u01a0 B\u1eb0NG CH\u1ee8NG GHI NH\u1eacN CHU\u1ed6I H\u00c0NH VI VI PH\u1ea0M PH\u00c1P LU\u1eacT C\u00d3 H\u1ec6 TH\u1ed0NG V\u00c0 LEO THANG C\u1ee6A T\u1eacP \u0110O\u00c0N VIETTEL.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945146",
            "to_ids": false,
            "type": "text",
            "uuid": "8b9896ef-25b6-44ed-9b1e-99ee6f555dc8",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/WinLNK!MSR\nVT Total Detection:26/62\nFirst Submission:2026-04-21T04:49:21.000000+00:00\nLast Submission:2026-04-21T04:49:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546805",
        "uuid": "9678e242-3ab3-4a4c-8d58-72a0c9c2c60d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546804",
            "to_ids": true,
            "type": "md5",
            "uuid": "76623246-12cb-4367-8d28-81762f5b55f4",
            "value": "a5132e28694159de9d7dbe807edb78d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546805",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7450f42d-856c-42da-b38f-ac59071f31eb",
            "value": "6dc14b5d7c7b0fdf2fde8397e434ac07dd54d4a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546805",
            "to_ids": true,
            "type": "sha256",
            "uuid": "00305ccd-dfa6-4ace-ad5b-cd7afc85e937",
            "value": "61e9d76f07334843df561fe4bac449fb6fdaed5e5eb91480bded225f3d265c5f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945167",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "09feb96b-94fa-43dd-93b8-622aa1ea609e",
            "value": "12288:LkKJI+Kd1BUETsdn0kw7EXYt2rtfqSDh:gHd1BUEo90CXY0ZV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945167",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d3b2817f-777e-4d00-a667-32d6d36a5330",
            "value": "446464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778945167",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bcec3444-126b-40f4-8332-ed0288ad6ce1",
            "value": "0450466d5d656175z9009a1z23z608053z2021z75ze7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778945167",
            "to_ids": true,
            "type": "filename",
            "uuid": "fed6ff1d-148e-4808-b485-d298f178e470",
            "value": "th5znehec.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  14/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945167",
            "to_ids": false,
            "type": "text",
            "uuid": "191d41ae-c590-42c5-8637-724ad56ceb83",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:48/71\nFirst Submission:2026-04-21T05:35:30.000000+00:00\nLast Submission:2026-04-21T05:35:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546808",
        "uuid": "ed38d8f0-5f80-4bef-aa8a-652cb6b4eb2e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546807",
            "to_ids": true,
            "type": "md5",
            "uuid": "6edb6455-72f4-4618-84dd-9f9562cd2e64",
            "value": "03ba1d72088806bcac77d663170aa68d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546807",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c32deb87-b196-4a7c-887b-d0f193f426ef",
            "value": "faec088e3551116d99559ad589786ba359b4bdf7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546808",
            "to_ids": true,
            "type": "sha256",
            "uuid": "319a855f-10c7-4861-8169-287b59a96b6a",
            "value": "7f80add94ee8107a79c87a9b4ccbd33e39eccd1596748a5b88629dd6ac11b86d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945189",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2ee9d72e-9f3d-4a5f-a230-b6a3a1aaff22",
            "value": "12:gUoNZa2Sxa1i8Wa9f1LzfFNdfL4IZfL4NECaXrK4:4NZiRmNdfLhZfLOIXrz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945189",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "98847124-3536-4298-b89e-be602f2a5746",
            "value": "714"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945189",
            "to_ids": false,
            "type": "text",
            "uuid": "0a9400be-0639-4b9e-bcf4-04b288593197",
            "value": "Type Description: DOS batch file\nMicrosoft: TrojanDropper:BAT/Malgent!MSR\nVT Total Detection:24/61\nFirst Submission:2026-04-21T05:35:27.000000+00:00\nLast Submission:2026-04-21T05:35:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546810",
        "uuid": "0e65de34-d08d-46e5-9b6f-3c39e7cad7b3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546809",
            "to_ids": true,
            "type": "md5",
            "uuid": "cb6781b5-2663-47ce-a73a-840a2d33df9c",
            "value": "ae9b4635e91068e80d2cf6745b53bef2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546810",
            "to_ids": true,
            "type": "sha1",
            "uuid": "967a4952-764f-4335-b9ac-b66416df944a",
            "value": "8e69dc2eb77fdb0a51b5c22c45a1fa66789ea34d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546810",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f37967ba-90ec-4bc4-82dd-701c29f627a0",
            "value": "91a15554ec9e49c00c5ca301f276bd79d346968651d54204743a08a3ca8a5067",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945211",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "62f76d5f-6e70-49b7-a17e-594c4a6a23c7",
            "value": "1536:oqH3bwWfzXb7rjFZTnocrcGNaCNKxrrSdM6leSnxz6mMGPOhq0Kyrp:D3hzXzjXrVUNr0leiJ6PGsRKyr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945211",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "52be759a-9746-4d22-ade4-77d723c7e8bc",
            "value": "109056"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778945211",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d5c17e09-4ea2-4d0a-9c83-3846e25a5f7f",
            "value": "115056655d15155az54?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778945211",
            "to_ids": true,
            "type": "filename",
            "uuid": "c1a27a2f-9db3-4888-b4e9-29ee358a9daa",
            "value": "SlULIRDJOiq"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945211",
            "to_ids": false,
            "type": "text",
            "uuid": "d9d24865-6111-40a1-bfe9-25065af1050a",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:41/71\nFirst Submission:2026-03-31T09:52:13.000000+00:00\nLast Submission:2026-03-31T09:52:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546813",
        "uuid": "fc2c3f54-3aa0-4079-b820-4415f41f4197",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546812",
            "to_ids": true,
            "type": "md5",
            "uuid": "ae3490c8-08e1-4071-9e53-5fa2a85eb8ae",
            "value": "5d721d4eb154602522a86756aea40203",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546812",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f64972cb-c778-4263-92fe-e95b746bc495",
            "value": "57601606b90d0b5f339a7ade46e756b9628b11c1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546813",
            "to_ids": true,
            "type": "sha256",
            "uuid": "89bc1cde-baf3-4a10-a534-3c962f828038",
            "value": "a49155df50963d2412534090bbd967749268bd013881ddb81d78b87f91cdc15b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945232",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ea536757-50b6-4fa2-87d8-e5da1fd0e788",
            "value": "12:gUoNZa2Sxa1i8Wa9f1LzfFNdfL4IZfL4NECaXrKiGjS:4NZiRmNdfLhZfLOIXrZGO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945232",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "715102a3-0347-409b-966a-4a8cb64fdc8e",
            "value": "765"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  14/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945232",
            "to_ids": false,
            "type": "text",
            "uuid": "4f9b74ab-7ee3-49a8-9df8-26dadcb2f08e",
            "value": "Type Description: DOS batch file\nMicrosoft: TrojanDropper:BAT/Malgent!MSR\nVT Total Detection:23/61\nFirst Submission:2026-04-23T13:26:52.000000+00:00\nLast Submission:2026-04-23T13:26:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546815",
        "uuid": "d747685d-0d15-4a49-bb4f-1fabc899dab3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546815",
            "to_ids": true,
            "type": "md5",
            "uuid": "c56e58e0-ac59-497b-8bbe-51d6c03f6345",
            "value": "8edd9b4c66d9056734cf4d5d96a4a5a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546815",
            "to_ids": true,
            "type": "sha1",
            "uuid": "75ad84aa-0c59-4aa5-9990-2fef4ad956c0",
            "value": "25592011fd4428f921bf4167dcc4f5ab78b2be85",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546815",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a59e8438-a2cd-4b99-8929-d5e507b15906",
            "value": "bc83817c6d2bf8df1d58eac946a12b5e2566b2ffe15cf96f37c711c4b755512b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945254",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "634649c5-9de7-4a9a-8ed2-ff3c6f3f244f",
            "value": "1536:YqH3bwWfzXb7rjFZTnocrcGNaCNKxrrSdM6leSnxz6mMGPOhq0KQ27p:T3hzXzjXrVUNr0leiJ6PGsRKQ27"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945254",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d95cca44-2335-4c7d-8a0c-ab6f0c631f1b",
            "value": "109056"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778945254",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c4807360-9f9d-4f8e-a2d7-31457c1e571b",
            "value": "115056655d15155az54?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778945254",
            "to_ids": true,
            "type": "filename",
            "uuid": "e4ad812f-74cb-4730-b422-1c7db0026c34",
            "value": "ekdv1.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  14/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945254",
            "to_ids": false,
            "type": "text",
            "uuid": "eb6306ed-02a0-4605-8156-9a13a1035c60",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:36/71\nFirst Submission:2026-04-21T05:35:29.000000+00:00\nLast Submission:2026-04-21T05:35:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546818",
        "uuid": "15f7a3ee-290f-4b8b-afaf-5320314194e8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546817",
            "to_ids": true,
            "type": "md5",
            "uuid": "a8a4158f-6fbd-4c2f-a7e0-5f760369b51b",
            "value": "4b46fe193b75357d01cd103bc48b4386",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546818",
            "to_ids": true,
            "type": "sha1",
            "uuid": "73a17c6b-a7da-420c-a13b-739e7bba3a66",
            "value": "a7f1f4faeb728471fea694d96c00ba7ff0acf1ab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546818",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4ddf9990-b362-4d96-a5cd-b9b66f9c21cd",
            "value": "ee6330870087f66a237a7f7c115b65beb042299f12eae1e9004e016686d0c387",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945276",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "19a49d5b-74e8-4750-a4d4-4948b92df67e",
            "value": "1536:YqH3bwWfzXb7rjFZTnocrcGNaCNKxrrSdM6leSnxz6mMGPOhq0K/FhhT/fpFUDp2:T3hzXzjXrVUNr0leiJ6PGsRKhUDg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945276",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8b41f4ed-f16e-464d-ac94-6ce4575eeeec",
            "value": "109088"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778945276",
            "to_ids": true,
            "type": "vhash",
            "uuid": "22e86631-9ccd-45ba-946c-39b995ad24de",
            "value": "115056655d15155az54?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778945276",
            "to_ids": true,
            "type": "filename",
            "uuid": "a92a8c90-74a7-48da-9ee3-8df6d920cf9e",
            "value": "gofpwja.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945276",
            "to_ids": false,
            "type": "text",
            "uuid": "09deeed5-5d58-4da9-966f-a0f3472fb9f0",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:42/71\nFirst Submission:2026-04-16T16:33:47.000000+00:00\nLast Submission:2026-04-16T16:33:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546820",
        "uuid": "03b0d245-d10e-4bb3-ac3f-af3224e04c5e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546820",
            "to_ids": true,
            "type": "md5",
            "uuid": "039d83eb-05cb-4a7d-87a8-a07e64929b33",
            "value": "b7985e0bae75909ed3efc5d1dd75c404",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546820",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e6310114-d956-4336-a5bc-7d823c9f207b",
            "value": "89d878baa30a47b088b79cb54a62465bc33d5b33",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546820",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2068c2b2-7841-451e-8295-c19a8f87669e",
            "value": "f34f550147c2792c1ff2a003d15be89e5573f0896c5aa6126068baa4621ef416",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778945297",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ede37bfb-113d-45d3-9dbe-769e64a484bd",
            "value": "24:83WJ7Zh+6TIGUPJ+/BrdZq4I0GjhyLxfOyHuxTmh8qy:83oZh16OIhjEtx0TG6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778945297",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7524a7b5-9d88-401f-a092-2265fe122a2b",
            "value": "1971"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778945297",
            "to_ids": true,
            "type": "vhash",
            "uuid": "29c4ff73-762c-45ad-8b57-63ce1f42121f",
            "value": "a45fb2bf80ba3e4c6a8d889f2e2e85dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778945297",
            "to_ids": true,
            "type": "filename",
            "uuid": "d970ec63-db5d-48c2-aed8-a84e87fb17ce",
            "value": "iPad_Pro_Display_Spec_Final_CONFIDENTIAL.docx.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/05/2026\nLast-scan\t:  14/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778945297",
            "to_ids": false,
            "type": "text",
            "uuid": "ddf85484-0ae5-412e-b002-5cfd8d173775",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/WinLNK!MSR\nVT Total Detection:14/62\nFirst Submission:2026-02-05T08:37:23.000000+00:00\nLast Submission:2026-02-05T08:37:23.000000+00:00"
          }
        ]
      }
    ]
  }
}