{
  "Event": {
    "analysis": "1",
    "date": "2026-03-16",
    "extends_uuid": "",
    "info": "[Threat Intel] COVERT RAT: Phishing Campaign",
    "protected": false,
    "publish_timestamp": "1774219623",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1774219622",
    "uuid": "9c58db60-f529-45f4-8d61-a2d170cca442",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#2afb09",
        "local": false,
        "name": "misp-galaxy:target-information=\"Argentina\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773716430",
        "to_ids": false,
        "type": "link",
        "uuid": "f9df8520-ceaa-4562-aedc-1d019e388138",
        "value": "https://www.pointwild.com/threat-intelligence/covert-rat-phishing-campaign/",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773716430",
        "to_ids": false,
        "type": "text",
        "uuid": "f0cc9ec8-7c94-4c32-bf1f-a85f7804a4d5",
        "value": "A sophisticated multi-stage infection chain targets Argentina's judicial ecosystem using spear-phishing tactics and authentic-looking judicial content. The campaign employs a carefully crafted ZIP archive containing a weaponized LNK shortcut, BAT-based loader script, and judicial-themed PDF decoy. The attack chain leads to the deployment of a Rust-based Remote Access Trojan (RAT) that demonstrates extensive anti-VM, anti-sandbox, and anti-debugging techniques. The RAT establishes a resilient command-and-control channel, supports modular commands for various malicious activities, and implements full lifecycle management. The operation, dubbed 'Operation Covert Access,' aims to secure long-term access within high-trust institutional settings, highlighting the need for improved defenses against socially engineered intrusion chains."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773716430",
        "to_ids": false,
        "type": "text",
        "uuid": "20cbdb00-81ef-4ca7-ac06-4bfb862b02cf",
        "value": "Name: COVERT RAT: Phishing Campaign\nAuthor: AlienVault\nAdversary: \nTags: [\"spear-phishing\", \"anti-analysis\", \"phishing\", \"argentina\", \"multi-stage infection\", \"judicial sector\", \"covert rat\", \"rust-based malware\", \"remote access trojan\"]\nTargeted countries: [\"Argentina\"]\nMalware families: [\"COVERT RAT\"]\nAttack_ids: []\nIndustries: [\"Government\"]"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774195742",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "eac4bb41-4c37-4d23-8f7e-27e839bf4d83",
        "value": "181.231.253.69",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774195763",
        "uuid": "4eade3f7-f977-4948-aa40-3f4e008c7cd9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774195763",
            "to_ids": true,
            "type": "md5",
            "uuid": "c44cb09c-4204-4587-a680-d652b9237ca5",
            "value": "02f85c386f67fac09629ebe5684f7fa0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194772",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1e25c92e-6785-4cf6-984f-c594d8e5c528",
            "value": "c5981c6f73ecf7b9606c78e0526bd933585ec09f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194772",
            "to_ids": true,
            "type": "sha256",
            "uuid": "93d9039b-0d7d-4477-8bb7-1057a3853be5",
            "value": "6ae4222728240a566a1ca8c8873eab3b0659a28437877e4450808264848ab01e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193764",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "24c82314-55a5-483f-a3eb-81846a40a341",
            "value": "48:SAIPVyY8z9WC309JgubfM8d4FCKWlubdubgUCOeZaL3:mdNLPKQ93T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193764",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f9fe4215-bed1-40bd-8e7d-0b22ebc7fb5c",
            "value": "2065"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193764",
            "to_ids": true,
            "type": "filename",
            "uuid": "9f3d8ee5-6003-49d5-9b63-2b9b4d4b2041",
            "value": "health-check.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193764",
            "to_ids": false,
            "type": "text",
            "uuid": "e29ed481-38c8-4421-8ddd-f42567d4a13c",
            "value": "Type Description: DOS batch file\nMicrosoft: TrojanDownloader:BAT/CovertRAT!AMTB\nVT Total Detection:28/61\nFirst Submission:2025-11-28T03:22:26.000000+00:00\nLast Submission:2026-02-18T04:28:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774195784",
        "uuid": "e164b9f8-b3a2-4355-973b-f0ac1ae94554",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774195784",
            "to_ids": true,
            "type": "md5",
            "uuid": "293c4067-fdec-49cd-b20a-6dc17acf2f5b",
            "value": "233a9dbcfe4ae348c0c7f4c2defd1ea5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194773",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7864037a-2620-4bff-8566-7ee9e40652aa",
            "value": "5d29707d63db3f6475351ecb91ec2fda661fc984",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194773",
            "to_ids": true,
            "type": "sha256",
            "uuid": "03cd5c71-8c16-436b-9c33-85555656254f",
            "value": "37e6da4c813557f09fa2336b43c9fbb4633e562952f5113f6a6a8f3c226854eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193788",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "589383c8-7418-4a51-b9ce-4daee5389c52",
            "value": "3072:FieHhntbapnXj4/v+E21In24iCW7HB9Lk2gISiA61:wuzbwiSSYjHTrSU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193788",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d4a2b7b9-54fb-4d00-b3f5-be0f5a7a0c9f",
            "value": "166912"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774193788",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0727708d-c1a7-42fb-b1b8-d85cc53fde4b",
            "value": "92267b8ead05a05935ef3def8afd10364"
          },
          {
            "category": "Payload delivery",
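            "comment": "Generic document file name; on its own it is a weak indicator and likely to cause false positives. Match on the hashes in this object instead.",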
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193788",
            "to_ids": true,
            "type": "filename",
            "uuid": "18f0c525-3592-4401-bbf4-3a2ef39d050d",
            "value": "notas.pdf"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193788",
            "to_ids": false,
            "type": "text",
            "uuid": "88fb0dd8-cba9-4fae-a4ea-3ad757ded010",
            "value": "Type Description: PDF\nMicrosoft: None\nVT Total Detection:7/64\nFirst Submission:2025-11-28T03:20:25.000000+00:00\nLast Submission:2026-02-18T04:42:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774195806",
        "uuid": "ae002d66-52c1-43cf-b8cf-ba7004a20182",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774195806",
            "to_ids": true,
            "type": "md5",
            "uuid": "a768fdef-bdb7-4fba-955f-ef140233ec76",
            "value": "45f2a677b3bf994a8f771e611bb29f4f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194774",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2870d231-37bc-4a93-972b-d2806c38daba",
            "value": "347f09e2589435af084b5f19fc12e8fbdee16e1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194774",
            "to_ids": true,
            "type": "sha256",
            "uuid": "104b8560-d6bd-40cd-90ab-f60b8423d62c",
            "value": "13adde53bd767d17108786bcc1bc0707c2411a40f11d67dfa9ba1a2c62cc5cf3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193811",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "20891f4a-51a4-46d6-a0ea-e6194b302eb8",
            "value": "3072:HdRt+gKO+Pxy1LFXL0slL1v3U+hNNEDvzJhBxwZbd2:9vxKOyo0cRvkcNaDvzJWbk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193811",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ab4d5eec-9781-40e0-ae30-9c0ada2c2e53",
            "value": "135954"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774193811",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b9931263-0112-419d-b113-f025a29bd991",
            "value": "ce166a9215f6dec9962e7dbc7f69356e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193811",
            "to_ids": true,
            "type": "filename",
            "uuid": "fe654d31-c7a1-43ff-9d8d-b0aa1a45bd9b",
            "value": "13adde53bd767d17108786bcc1bc0707c2411a40f11d67dfa9ba1a2c62cc5cf3.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193811",
            "to_ids": false,
            "type": "text",
            "uuid": "eb4c7272-0666-406f-855c-ed7e2b3e8806",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:35/65\nFirst Submission:2025-11-28T03:17:33.000000+00:00\nLast Submission:2025-11-28T03:17:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774195827",
        "uuid": "60c96eb9-3620-493c-b6af-a498875241a1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774195827",
            "to_ids": true,
            "type": "md5",
            "uuid": "fecf1554-3bca-48a1-8a85-5295f8bc0a4c",
            "value": "976b6fce10456f0be6409ff724d7933b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194776",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c84825ac-f855-46f9-a515-af3e7020e7d6",
            "value": "366a181e53291fbf35a49f0282fcf309ad35f3f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194776",
            "to_ids": true,
            "type": "sha256",
            "uuid": "343826d5-ef02-483d-af0a-c27aa0c45511",
            "value": "4612c90cdfb7e43b4e9afe2a37a82d8b925bab3fd3838b24ec73b0e775afdb75",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193835",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8c72129a-1415-4a1a-ab96-15a5eaf93692",
            "value": "12288:W5HeSHSr889vcQ/uDv/R4Zr2O1/uokw4Zet1x:W5HeSHSr889vcQ/4/Rg2U/uoktet1x"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193835",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3e203828-500b-4ce2-9878-59e57fe5abd2",
            "value": "583787"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774193835",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8d1ac5d0-99f8-4ce6-a317-4f37234f4329",
            "value": "0550966d1555555c055d0019z91b1z5pzc7z"
          },
          {
            "category": "Payload delivery",
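            "comment": "msedge_proxy.exe is also the file name of a legitimate Microsoft Edge executable; the name alone does not identify this sample. Match on the hashes in this object instead.",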
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193835",
            "to_ids": true,
            "type": "filename",
            "uuid": "fb6d9298-db40-49e8-820a-31ec28d0bc9d",
            "value": "msedge_proxy.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193835",
            "to_ids": false,
            "type": "text",
            "uuid": "7f8328e8-1104-441e-8e6a-9e9ba6dc1471",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:48/71\nFirst Submission:2025-11-28T03:27:44.000000+00:00\nLast Submission:2026-02-18T05:12:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774195849",
        "uuid": "679807f8-7d0a-47d2-815c-280db96bc8a3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774195849",
            "to_ids": true,
            "type": "md5",
            "uuid": "0c6739f8-dbd6-4a91-91c0-6bd106a0b1ac",
            "value": "dc802b8c117a48520a01c98c6c9587b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194777",
            "to_ids": true,
            "type": "sha1",
            "uuid": "07ba270a-5b76-499d-b2b3-89612e666eb9",
            "value": "427110f6a3741e57b93fa5ca7c6b7dc69b2b23d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194777",
            "to_ids": true,
            "type": "sha256",
            "uuid": "17ad7290-f890-4dd8-a910-8c30f6ca1b04",
            "value": "10bbc5e192c3d01100031634d4e93f0be4becbe0a63f3318dd353e0f318e43de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193859",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "54b97425-659f-4a46-a7c0-b0b87ec4606b",
            "value": "24:8eiwvXLH1dcKBbWXBnlAjWc+/CHyt8YNpn:8HkX5rCRnOHDBYNd"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193859",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "80eed309-9552-43f7-b2dc-d7e2b79a2d05",
            "value": "1095"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774193859",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7474644d-23b7-47fe-b785-d81f80cbe420",
            "value": "96add3d7828293067fb7b9fe9d35983f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193859",
            "to_ids": true,
            "type": "filename",
            "uuid": "244a3d3f-04e7-4982-8c4f-01ac68fa7c8f",
            "value": "juicio-grunt-posting.pdf.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193859",
            "to_ids": false,
            "type": "text",
            "uuid": "9a587c90-557c-4364-95b7-2e364b7c4bad",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:31/62\nFirst Submission:2025-11-28T03:20:25.000000+00:00\nLast Submission:2026-02-18T04:27:47.000000+00:00"
          }
        ]
      }
    ]
  }
}