{ "Event": { "analysis": "1", "date": "2026-03-31", "extends_uuid": "", "info": "[Threat Intel] Weaponizing the Protectors: TeamPCPs Multi-Stage Supply Chain Attack on Security Infrastructure", "protected": false, "publish_timestamp": "1775970082", "published": true, "threat_level_id": "2", "timestamp": "1775970081", "uuid": "a379247b-646f-417d-a3ad-43d0ec86619a", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#0afe32", "local": false, "name": "misp-galaxy:producer=\"Palo Alto\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#18005c", "local": false, "name": "rectifyq:topic=\"ai\"", "relationship_type": "" }, { "colour": "#18005e", "local": false, "name": "rectifyq:topic=\"supply-chain\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Cloud Services - T1021.007\"", "relationship_type": "" }, { "colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": "" }, { "colour": "#aa1f95", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775041206", "to_ids": false, "type": "link", "uuid": "fd20ead2-d920-47be-a450-6a3288187214", "value": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1775041206", "to_ids": false, "type": "text", "uuid": "67744edb-8e75-4fd4-91f3-d1333ab29336", "value": "Between late February and March 2026, threat group TeamPCP conducted a highly calculated, escalating sequence of supply chain threats. It systematically compromised widely trusted open-source security tools, including the vulnerability scanners Trivy and KICS and the popular AI gateway LiteLLM. The affected software also includes the official Python SDK of Telnyx." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1775041206", "to_ids": false, "type": "text", "uuid": "d7819687-c78b-4525-843b-2636dc5803e1", "value": "Name: Weaponizing the Protectors: TeamPCPs Multi-Stage Supply Chain Attack on Security Infrastructure\nAuthor: AlienVault\nAdversary: TeamPCP\nTags: [\"teampcp\", \"canisterworm\", \"cve-2025-55182\", \"supply chain attack\", \"wiper\"]\nTgtd countries: []\nMlwr families: [\"CanisterWorm\"]\nAttack_ids: []\nIndustries: []" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1775041206", "to_ids": false, "type": "threat-actor", "uuid": "08f72c2c-3053-417c-b34b-c6f5fe2c62af", "value": "TeamPCP" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964294", "to_ids": true, "type": "ip-dst", "uuid": "87a5aa40-7308-4b99-bf02-5fd2ce4586c6", "value": "195.5.171.242", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964315", "to_ids": true, "type": "ip-dst", "uuid": "67957f72-7213-4afc-896c-871ed10a4117", "value": "45.148.10.212", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775041206", "to_ids": false, "type": "vulnerability", "uuid": "d4cbc0d1-181d-40ba-bfc6-69bff83a16f4", "value": "CVE-2025-55182" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775964121", "to_ids": true, "type": "sha256", "uuid": "c7e738b3-7ba0-4379-b490-57178fdfe798", "value": "30015dd1e2cf4dbd49fff9ddef2ad4622da2e60e5c0b6228595325532e948f14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775964122", "to_ids": true, "type": "sha256", "uuid": "6eec58a2-42c7-48ae-bf33-a7466e494888", "value": "41c4f2f37c0b257d1e20fe167f2098da9d2e0a939b09ed3f63bc4fe010f8365c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775964123", "to_ids": true, "type": "sha256", "uuid": "a464f8dc-5588-4731-863c-ce3423e0a3ef", "value": "887e1f5b5b50162a60bd03b66269e0ae545d0aef0583c1c5b00972152ad7e073", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775964124", "to_ids": true, "type": "sha256", "uuid": "ac3d35fc-90dc-40ca-97ef-96bb419cc72c", "value": "bef7e2c5a92c4fa4af17791efc1e46311c0f304796f1172fce192f5efc40f5d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775964124", "to_ids": true, "type": "sha256", "uuid": "06fea0c2-0296-4121-8071-5b255ee72843", "value": "d5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775964125", "to_ids": true, "type": "sha256", "uuid": "454aa87d-0a6d-4da7-8ca8-451392541335", "value": "d8caf4581c9f0000c7568d78fb7d2e595ab36134e2346297d78615942cbbd727", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775964126", "to_ids": true, "type": "sha256", "uuid": "b6e3b9e1-2cf8-413d-9a99-f07737255683", "value": "ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964336", "to_ids": true, "type": "ip-dst", "uuid": "b62e014a-91e0-4a54-a44a-c7f93cd9542d", "value": "209.34.235.18", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964357", "to_ids": true, "type": "ip-dst", "uuid": "e0594397-fb14-4b92-ba9c-b8c01c5d68ab", "value": "212.71.124.188", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964378", "to_ids": true, "type": "ip-dst", "uuid": "d052c7d9-39d1-4de8-80b3-3877c24ab4a0", "value": "23.142.184.129", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964399", "to_ids": true, "type": "ip-dst", "uuid": "6f9d8bdc-d4fb-42fe-8ce5-61fcb057dded", "value": "63.251.162.11", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964420", "to_ids": true, "type": "ip-dst", "uuid": "c12d8c4c-e0f9-4cf9-b8bc-79ddb4210402", "value": "83.142.209.11", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964441", "to_ids": true, "type": "ip-dst", "uuid": "45613022-c5c4-48e7-844a-0a3c81814e31", "value": "83.142.209.203", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964463", "to_ids": true, "type": "hostname", "uuid": "755ba22c-3068-46c3-9abc-0dac91bcaf5b", "value": "championships-peoples-point-cassette.trycloudflare.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964484", "to_ids": true, "type": "hostname", "uuid": "49df4271-6bff-45a5-859e-b33a76ebc4ec", "value": "create-sensitivity-grad-sequence.trycloudflare.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964505", "to_ids": true, "type": "hostname", "uuid": "04dc241b-a4a2-47d4-b356-7d25eaad85f6", "value": "investigation-launches-hearings-copying.trycloudflare.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964526", "to_ids": true, "type": "hostname", "uuid": "9d0a3c3a-d586-430b-8155-6923f1328341", "value": "plug-tab-protective-relay.trycloudflare.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964548", "to_ids": true, "type": "hostname", "uuid": "d5bc8d31-b8fa-48ec-8d10-45de8226a18f", "value": "souls-entire-defined-routes.trycloudflare.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964569", "to_ids": true, "type": "hostname", "uuid": "3ca654ab-2c04-47bc-8d23-518acc2c9124", "value": "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964590", "to_ids": true, "type": "domain", "uuid": "ddd01303-846d-4194-8c3a-b672dc7bb888", "value": "checkmarx.zone", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964611", "to_ids": true, "type": "hostname", "uuid": "ca965790-535e-4ab1-89c4-d79a9dc015c1", "value": "models.litellm.cloud", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775964632", "to_ids": true, "type": "hostname", "uuid": "badea1ce-1271-4af7-9c45-0d3451c720e2", "value": "scan.aquasecurtiy.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964653", "uuid": "a57c2baa-5d7b-4d37-8374-dd4fe719db15", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964653", "to_ids": true, "type": "md5", "uuid": "9b503b62-4e78-46ac-950b-f50dd6f09401", "value": "46e7a5c4cf645b77f24023eef873f56f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964096", "to_ids": true, "type": "sha1", "uuid": "1fb0b431-e5d8-4861-8743-4918c9d26048", "value": "4e574710f80ada2abe7cf2ffd78f99592bb6c2c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964096", "to_ids": true, "type": "sha256", "uuid": "6b38cdd8-3105-4bab-8b34-0af6b289611b", "value": "61ff00a81b19624adaad425b9129ba2f312f4ab76fb5ddc2c628a5037d31a4ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962404", "to_ids": true, "type": "ssdeep", "uuid": "39cfa42c-cdec-425b-bd7c-2a306bd698f6", "value": "48:MKEAyEQh6pfVXH6i31IOav2sbG51MNcUFf0pEUbBlJ8LU3+4:Py7c5FHF2hv2JCLf0JfJ8J4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962404", "to_ids": false, "type": "size-in-bytes", "uuid": "2b08b651-a51c-4bbd-b64f-eb681620a9a0", "value": "3078" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962404", "to_ids": true, "type": "vhash", "uuid": "c14459b8-37e4-482d-bb4a-b8aed289c02b", "value": "d360a052023e93a615c10f93eb92549e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962404", "to_ids": true, "type": "filename", "uuid": "b1432f97-354e-4f93-aa7a-2e3fd4f8f823", "value": "61ff00a81b19624adaad425b9129ba2f312f4ab76fb5ddc2c628a5037d31a4ba.js" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962404", "to_ids": false, "type": "text", "uuid": "bb17944d-8c1e-43f1-9862-1f3daa3cd256", "value": "Type Description: JavaScript\nMicrosoft: Trojan:VBS/CanisterWorm.DC!MTB\nVT Total Detection:32/62\nFirst Submission:2026-03-23T09:26:23.000000+00:00\nLast Submission:2026-04-02T07:55:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964675", "uuid": "19ed8bd2-4bdf-4dcc-8909-91f1859ad130", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964675", "to_ids": true, "type": "md5", "uuid": "ac694df4-8c92-42ac-831c-8f3c82000a38", "value": "55405de62427ac56106f0fdb1c33dedd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964098", "to_ids": true, "type": "sha1", "uuid": "146127ed-430e-42e3-9a6d-a1fbca230f7c", "value": "6589718e7b026d7278a8eb8333c59b8e297f4016", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964098", "to_ids": true, "type": "sha256", "uuid": "4a191ed4-9a8d-45fb-97a0-0daa450add25", "value": "c37c0ae9641d2e5329fcdee847a756bf1140fdb7f0b7c78a40fdc39055e7d926", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962426", "to_ids": true, "type": "ssdeep", "uuid": "04949918-eb2a-4597-b365-9f98077b4140", "value": "96:Hc4gaLj76q39DX5y7c5FHF2hv2JCLf0g9fJ8pCWjH:GaWc98YflKX0g9fJ8I8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962426", "to_ids": false, "type": "size-in-bytes", "uuid": "dc133b86-2516-48aa-90ad-b93b9baeee58", "value": "4776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962426", "to_ids": true, "type": "filename", "uuid": "7bdc0c68-233f-44c7-8b35-0b1cd22a72f9", "value": "index.js" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962426", "to_ids": false, "type": "text", "uuid": "8f66eade-ae4d-47ff-9f6f-3141a181e477", "value": "Type Description: JavaScript\nMicrosoft: Trojan:VBS/CanisterWorm.DC!MTB\nVT Total Detection:30/62\nFirst Submission:2026-03-23T09:25:27.000000+00:00\nLast Submission:2026-04-02T07:23:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964696", "uuid": "172905e4-53c8-401b-97e8-c6946167e83c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964696", "to_ids": true, "type": "md5", "uuid": "666dd4a9-eb86-447e-b709-3927225882cd", "value": "5870a0bf82bbdf2687d8dce89dfa668f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964099", "to_ids": true, "type": "sha1", "uuid": "64924bf3-24db-42da-82a7-66c3f1d8c8fc", "value": "4ce6ad55d8912aacc4ae4c572237131d0b7ba4b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964099", "to_ids": true, "type": "sha256", "uuid": "e5f9a801-3f9e-4bc2-9c1c-962126bbd983", "value": "cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962448", "to_ids": true, "type": "ssdeep", "uuid": "080ae816-42f9-44bf-b91f-563239144fe1", "value": "24576:raIs7IIJ0BemXNXI9fXxovWLZg21bRecJykl3dpblLn7STR7mhiY6Dp90u2xG/mV:l+IIJ0rI9/evW5D5Ct6bYsu4J2VMSeEk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962448", "to_ids": false, "type": "size-in-bytes", "uuid": "884549c3-7d63-4138-8da3-88f64bd9f0de", "value": "2316357" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962448", "to_ids": true, "type": "vhash", "uuid": "b171942c-1980-4998-a5b3-91d493459881", "value": "be8a9f7997ea000d3b62a409add18d28" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962448", "to_ids": true, "type": "filename", "uuid": "957428d8-a64f-40fd-8408-4bbd565cf9ac", "value": "cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962448", "to_ids": false, "type": "text", "uuid": "d5b671ca-b903-41bb-a7ec-f6c0cffbfdc9", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:32/67\nFirst Submission:2026-03-27T04:15:48.000000+00:00\nLast Submission:2026-03-30T11:45:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964717", "uuid": "33392413-81aa-437d-a8ce-6a43e1f5a01f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964717", "to_ids": true, "type": "md5", "uuid": "f0cc1ca4-e640-43f6-ac59-ddda838c8048", "value": "718c13820bff309925b5b629bbb5da2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964100", "to_ids": true, "type": "sha1", "uuid": "e7c8321e-114f-4cc9-a266-bbc896d04017", "value": "9e2b6deeca9623db3868d4bb36ba2c053c949e65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964100", "to_ids": true, "type": "sha256", "uuid": "afa687b4-95a1-41d8-bc1e-b87a54226ced", "value": "f398f06eefcd3558c38820a397e3193856e4e6e7c67f81ecc8e533275284b152", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962469", "to_ids": true, "type": "ssdeep", "uuid": "9de6c119-ed44-4493-9440-1b128513e97f", "value": "192:bmwBGtNAZRWNEbTIZC6/FJrenalqu2SOyys72:bmaZwexarenOA1d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962469", "to_ids": false, "type": "size-in-bytes", "uuid": "53ad2617-921a-4889-9a44-27d99b8d0b17", "value": "8929" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962469", "to_ids": true, "type": "filename", "uuid": "bf79f427-b005-482e-82cb-7fe71a502ac8", "value": "deploy.js" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962469", "to_ids": false, "type": "text", "uuid": "d18e4a9e-e640-43c2-9569-5586c7aea381", "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/CanisterWorm.SM!MTB\nVT Total Detection:27/63\nFirst Submission:2026-03-23T09:11:53.000000+00:00\nLast Submission:2026-03-23T09:11:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964738", "uuid": "f56f9e1b-4cbe-48d1-a07c-992fddd30b63", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964738", "to_ids": true, "type": "md5", "uuid": "acf7e6f7-2df3-4fd1-b431-ea6dc5f11465", "value": "7646a872455dab186dc9de17f7ef0340", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964101", "to_ids": true, "type": "sha1", "uuid": "45928952-588b-4f9b-8ad2-18bcd61a59ef", "value": "27cf71eada45ceb298cd793219c217452241e443", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964101", "to_ids": true, "type": "sha256", "uuid": "f5dcc61a-d482-4bd8-95d3-fe45ac31cc9d", "value": "e9b1e069efc778c1e77fb3f5fcc3bd3580bbc810604cbf4347897ddb4b8c163b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962491", "to_ids": true, "type": "ssdeep", "uuid": "7ce82a41-b647-4a7d-8593-34e1d0ee481c", "value": "24:21mCVKEKRNZiOzxcTsWLeyACqALe0BfCdDI4eCdS9hU3+4:MKEAH5bBlJ8LU3+4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962491", "to_ids": false, "type": "size-in-bytes", "uuid": "08386e40-98b2-42ec-891b-9c56384cc826", "value": "1632" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962491", "to_ids": true, "type": "vhash", "uuid": "13b9e1ad-d4b6-4420-9a86-5170b14b46f8", "value": "21ce25040464fd060792fc2546e98415" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962491", "to_ids": true, "type": "filename", "uuid": "9bae9caa-8809-406b-9d8e-8c51f94473f9", "value": "e9b1e069efc778c1e77fb3f5fcc3bd3580bbc810604cbf4347897ddb4b8c163b.js" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962491", "to_ids": false, "type": "text", "uuid": "9007c4a6-52b1-4c5d-8608-2a72b37818d4", "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/CanisterWorm.SS!MTB\nVT Total Detection:28/62\nFirst Submission:2026-03-23T09:26:05.000000+00:00\nLast Submission:2026-04-01T11:08:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964759", "uuid": "f59f5b9a-6bfa-4f83-9eb4-5e3076f2817c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964759", "to_ids": true, "type": "md5", "uuid": "e831e9f1-8b98-4ccb-a0e5-17422ad0af9e", "value": "805c08686e755c063a0bb460bdf9dcc4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964102", "to_ids": true, "type": "sha1", "uuid": "dd003701-13a4-403d-afcb-b65fa6ee6a09", "value": "d820fc3440e7eadc575315f9a96a34ae450ec457", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964102", "to_ids": true, "type": "sha256", "uuid": "c022c3d1-c528-4529-85ae-3520932b239a", "value": "822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962512", "to_ids": true, "type": "ssdeep", "uuid": "730079d3-5e12-414c-b3ed-a90743042f6d", "value": "786432:ixlmJ95H8ejIjGqf5pcyysxh861eObBItI0MCyfFh:qlEH8xGqfAyP86jF1TCU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962512", "to_ids": false, "type": "size-in-bytes", "uuid": "8169a00a-a923-4961-80a7-bb171a49690d", "value": "160866488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962512", "to_ids": true, "type": "vhash", "uuid": "140c05e9-0e49-4974-adb0-fd6e1f776585", "value": "e840a106aec60742c59f25fa4dd95c2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962512", "to_ids": true, "type": "filename", "uuid": "143c2139-82c2-42d5-bcf4-dee926d4b227", "value": "trivy" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962512", "to_ids": false, "type": "text", "uuid": "31da941f-9cc2-4585-a25f-2889752b1ee1", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/CanisterWorm!MTB\nVT Total Detection:24/64\nFirst Submission:2026-03-19T21:30:12.000000+00:00\nLast Submission:2026-03-24T20:54:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964781", "uuid": "9d20e569-aa6d-4115-b29c-03c480221453", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964781", "to_ids": true, "type": "md5", "uuid": "05c0ebab-d8d2-4818-9a88-e6dcbf1e6b62", "value": "8bfefb76454efe404359831d4fe7137c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964103", "to_ids": true, "type": "sha1", "uuid": "14e0cb9e-d112-41ba-b73c-ae9973eea08d", "value": "3950fa21431ad211e1292119ff1c77e1797fa595", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964103", "to_ids": true, "type": "sha256", "uuid": "930e1a60-bffd-4d4f-9b83-1248059795ec", "value": "5e2ba7c4c53fa6e0cef58011acdd50682cf83fb7b989712d2fcf1b5173bad956", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962534", "to_ids": true, "type": "ssdeep", "uuid": "e1bfa28e-02e8-403a-875c-bcd745d984a4", "value": "96:VkACd/PyTlpmUsF68uq4LDBaEscdRagRCvkRi5l25Vx/y:y/d/PvUAcdRa3voe8y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962534", "to_ids": false, "type": "size-in-bytes", "uuid": "7006fbae-0eb3-4b02-ae2e-1caba152de44", "value": "3157" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962534", "to_ids": true, "type": "filename", "uuid": "0530d93e-c5a5-4310-a6ed-4c9fbb9c435e", "value": "5e2ba7c4c53fa6e0cef58011acdd50682cf83fb7b989712d2fcf1b5173bad956.js" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 12/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962534", "to_ids": false, "type": "text", "uuid": "3376273c-efb2-4ecf-a6f4-7dbf988eb99d", "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/CanisterWorm.SM!MTB\nVT Total Detection:31/62\nFirst Submission:2026-03-23T08:55:01.000000+00:00\nLast Submission:2026-04-02T07:57:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964802", "uuid": "7bcc0f2c-adb5-4fa0-9dba-bf6c3049d95f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964802", "to_ids": true, "type": "md5", "uuid": "11e18eed-1d05-45f5-ae7b-7c1b3159f78c", "value": "8cf49650b7a000d09e8af77c314dfdad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964104", "to_ids": true, "type": "sha1", "uuid": "47aa40d9-2757-4d55-a493-aacb190f5aac", "value": "53495d74e72a0e74a2e1fdfe69f39fd538abd9e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964104", "to_ids": true, "type": "sha256", "uuid": "92fefb79-8ffe-47a7-bc0a-49a74a044ef3", "value": "0c0d206d5e68c0cf64d57ffa8bc5b1dad54f2dda52f24e96e02e237498cb9c3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962556", "to_ids": true, "type": "ssdeep", "uuid": "71de8e27-ddff-45a1-a8aa-1341ca748c98", "value": "48:eUc0cUi9W7M7aLj7EzjO3vlDXuKEAlbBlJ8LU37ElB3ywgWjP:Hc4gaLj76q39DX59fJ8pCWjP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962556", "to_ids": false, "type": "size-in-bytes", "uuid": "cf786c77-96e4-4f88-9998-db762d37642c", "value": "3177" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962556", "to_ids": true, "type": "filename", "uuid": "186c4f9a-940b-4a04-ada5-ad9e60b7dc0c", "value": "0c0d206d5e68c0cf64d57ffa8bc5b1dad54f2dda52f24e96e02e237498cb9c3a.js" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962556", "to_ids": false, "type": "text", "uuid": "b979197c-a01c-4c23-ae1c-c921e7f88fc3", "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/CanisterWorm.SS!MTB\nVT Total Detection:32/62\nFirst Submission:2026-03-23T09:24:54.000000+00:00\nLast Submission:2026-04-02T07:25:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964823", "uuid": "cb2b1c7f-111f-4e68-a610-b92f7db8218d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964823", "to_ids": true, "type": "md5", "uuid": "020dc73e-ffe8-4555-a18e-44e4c415691f", "value": "d761a6a7ae9f2254bd81ac234033a8b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964105", "to_ids": true, "type": "sha1", "uuid": "053884b4-67f8-48f1-b158-009c06d177c1", "value": "4fed54d88f919c675ee2f575f70698a8d3649287", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964105", "to_ids": true, "type": "sha256", "uuid": "0a55b1ca-4a2c-4d9f-924d-5f3cd5e68c5b", "value": "18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962577", "to_ids": true, "type": "ssdeep", "uuid": "513059a5-3b4b-47e8-b8e7-7bae5270cd72", "value": "384:tJRfIaEkaBSVQD8Pj/EnfjGgatHkBBIBtrrYIU2/2glBU46z++622JMwjaj/J:1fIadaYVQQPrEnfjVMx2gV/+N0+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962577", "to_ids": false, "type": "size-in-bytes", "uuid": "9a1f9444-748b-47ed-9413-5c8a3ecfac91", "value": "17592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962577", "to_ids": true, "type": "filename", "uuid": "c147a904-be5b-4794-9aba-4dbfc0d9a93e", "value": "QGKJPg-gHR5Q43Kt6GATFGgDa_B1SZpimbgZA0eXdZxo.txt" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962577", "to_ids": false, "type": "text", "uuid": "285b4d54-0f03-47b8-8cb6-3f8daac7b7ed", "value": "Type Description: Shell script\nMicrosoft: Trojan:Linux/CanisterWorm.DB!MTB\nVT Total Detection:23/62\nFirst Submission:2026-03-20T17:39:01.000000+00:00\nLast Submission:2026-04-08T06:56:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964845", "uuid": "adfe632e-cd16-4519-be7e-d5f59f47d1c8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964845", "to_ids": true, "type": "md5", "uuid": "e9e3f00f-59d1-486c-a489-5e6ed2e9066d", "value": "df43394b926e609e6ad020b157b151a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964107", "to_ids": true, "type": "sha1", "uuid": "e903cd0f-d091-4e36-b8a5-676d1cda0f9f", "value": "7f63db03c90913b90c6972fabd77c9862cba917f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964107", "to_ids": true, "type": "sha256", "uuid": "3ec02d63-970c-4fec-a088-4d316516cc48", "value": "7df6cef7ab9aae2ea08f2f872f6456b5d51d896ddda907a238cd6668ccdc4bb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962599", "to_ids": true, "type": "ssdeep", "uuid": "2b8c1521-da50-4359-bd9a-1cafa3bb155b", "value": "192:bmwBGtNAZRWNEbTIZC6/FJrenalqlB2SOyys72:bmaZwexarenOQK1d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962599", "to_ids": false, "type": "size-in-bytes", "uuid": "377873e0-5d0b-46b5-8906-80b316b2a9bd", "value": "8942" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962599", "to_ids": true, "type": "filename", "uuid": "895a951d-450b-4ee4-b319-36eb64f3aa06", "value": "7df6cef7ab9aae2ea08f2f872f6456b5d51d896ddda907a238cd6668ccdc4bb7.js" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962599", "to_ids": false, "type": "text", "uuid": "7d65e137-90b9-4db8-8241-4e4e78681ad7", "value": "Type Description: JavaScript\nMicrosoft: Trojan:VBS/CanisterWorm.DA!MTB\nVT Total Detection:28/62\nFirst Submission:2026-03-23T09:12:12.000000+00:00\nLast Submission:2026-04-02T07:56:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964866", "uuid": "ab9edacc-6cc0-40c2-9295-e9ddec65b5cb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964866", "to_ids": true, "type": "md5", "uuid": "a0cc2836-72a7-48bd-beed-dc47dcb0d39f", "value": "07a8f7de8abd1e877ad96a72d385e019", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964108", "to_ids": true, "type": "sha1", "uuid": "ea9b42fc-8ed5-4747-ad58-305ac7db7584", "value": "60180783702e13238a8311233fc23d3e170eb4b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964108", "to_ids": true, "type": "sha256", "uuid": "c24953c0-f5e7-4ee1-aa37-23127931f950", "value": "0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962621", "to_ids": true, "type": "ssdeep", "uuid": "3c6e04a1-7414-46cc-8241-4cef62714d87", "value": "786432:KIDa6k2yPvtTuvxmUhsN3M0zrrRgKWxUKO:RDaLkxvhWc0zpcxx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962621", "to_ids": false, "type": "size-in-bytes", "uuid": "43b9e7d0-6f1b-419c-870e-2f4157db6625", "value": "164320768" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962621", "to_ids": true, "type": "vhash", "uuid": "a2359a86-dc3f-4369-b77d-da282d3599a3", "value": "018086655d55651d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962621", "to_ids": true, "type": "filename", "uuid": "36dba167-489a-41e1-a076-247a29d788d5", "value": "trivy.exe" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962621", "to_ids": false, "type": "text", "uuid": "e1b55db1-1bb3-4188-9e6b-a816fc5353fe", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:28/71\nFirst Submission:2026-03-19T20:37:17.000000+00:00\nLast Submission:2026-03-20T02:13:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964887", "uuid": "f733c87d-0270-46b7-90e7-f8c240b4724e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964887", "to_ids": true, "type": "md5", "uuid": "99741d37-2cea-492e-9bec-871406dcc829", "value": "20fb3b0944a88aa7f635cb2e7c491704", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964109", "to_ids": true, "type": "sha1", "uuid": "e127e748-81fd-4b24-b360-b8180b00a55e", "value": "1bb57746c4ddf4c47df653ca327a642b3040a313", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964109", "to_ids": true, "type": "sha256", "uuid": "721dea07-252e-4d34-888c-16dffee41cf6", "value": "0c6a3555c4eb49f240d7e0e3edbfbb3c900f123033b4f6e99ac3724b9b76278f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962643", "to_ids": true, "type": "ssdeep", "uuid": "f7a36bb7-606c-40d0-a925-0473054674e8", "value": "96:RXN2W7c5FHF2hv2JCLf0eA8JESdFyAL3MIOdFhAj2VedkFPQMvqXNC:R92WYflKX0elJvJL3pOqj2V6kFPQ9w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962643", "to_ids": false, "type": "size-in-bytes", "uuid": "03df505b-dc55-4f7e-bae1-371b38caa980", "value": "5701" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962643", "to_ids": true, "type": "filename", "uuid": "eb972a7b-9788-4dce-97bc-beb8a90eb45a", "value": "20260322T112519Z_payload_0c6a3555c4eb49f2_0c6a3555c4eb49f2.bin" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 03/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962643", "to_ids": false, "type": "text", "uuid": "821e8eab-85c1-4ca4-9b2e-236e350c208e", "value": "Type Description: Shell script\nMicrosoft: Trojan:Script/Wacatac.C!ml\nVT Total Detection:4/62\nFirst Submission:2026-03-22T14:53:17.000000+00:00\nLast Submission:2026-03-22T14:53:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964908", "uuid": "fe12c4ac-8678-44d9-9675-81c8bd853088", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964908", "to_ids": true, "type": "md5", "uuid": "9d49761c-e835-44e1-924b-d1efb3112854", "value": "dbb50ce36bb5b87a381cce1dfb59084a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964110", "to_ids": true, "type": "sha1", "uuid": "a55ac60a-532a-43c2-869d-6307b406dddc", "value": "1307f0b2ddec0aedca484d7c9f83024e5f558b62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964110", "to_ids": true, "type": "sha256", "uuid": "d9d778bb-846e-4b48-a1f0-cb146b5d5042", "value": "1e559c51f19972e96fcc5a92d710732159cdae72f407864607a513b20729decb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962665", "to_ids": true, "type": "ssdeep", "uuid": "6bac57f0-186d-4e1b-80fb-336e35adb578", "value": "96:RXN2W7c5FHF2hv2JCLf0eA8JESdFyAL3MIOdFhAj2vMuu:R92WYflKX0elJvJL3pOqj2vZu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962665", "to_ids": false, "type": "size-in-bytes", "uuid": "ab8a3e12-5297-4e8b-9103-10a2ca894a52", "value": "5076" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962665", "to_ids": true, "type": "filename", "uuid": "9b8ed5d4-ff3a-438b-88ba-26dbb837f0d4", "value": "20260322T110514Z_payload_1e559c51f19972e9_1e559c51f19972e9.bin" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962665", "to_ids": false, "type": "text", "uuid": "5bb8d367-6e9a-4097-90cc-528aba812b67", "value": "Type Description: Shell script\nMicrosoft: None\nVT Total Detection:6/61\nFirst Submission:2026-03-22T14:50:37.000000+00:00\nLast Submission:2026-03-22T14:50:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964929", "uuid": "337f8045-82cb-4d1f-8cf5-a0b8395c1799", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964929", "to_ids": true, "type": "md5", "uuid": "f0edf24a-8c3b-480c-8e6f-b948efdab9fa", "value": "633b465ec04a3b7b5a908ad6ec5adc2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964111", "to_ids": true, "type": "sha1", "uuid": "4c3d7f55-3516-4322-a434-0be79c3a7377", "value": "27bbebdd418835967fcf00d6ff3315109cf61750", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964111", "to_ids": true, "type": "sha256", "uuid": "fe9eac17-79fb-4d4b-b7b2-17c82ed61651", "value": "6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962729", "to_ids": true, "type": "ssdeep", "uuid": "92ffc723-4243-48b2-96c3-bfbd551a9cab", "value": "786432:NkT8MwfSleU4b2bB2WS1xb5meP/byrzRywvKapYXUDx2ajs4tSEjYqtnVPZUsSQH:kTjSVhWsrNYyZnKv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962729", "to_ids": false, "type": "size-in-bytes", "uuid": "d7382e6b-761f-4fb2-85f8-0593a029ac58", "value": "155446482" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962729", "to_ids": true, "type": "vhash", "uuid": "ea58eb2e-31b4-44f2-bc3b-bf730876ecd7", "value": "5ec1315c81eda7419ee2cdd7ac6193aa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962729", "to_ids": true, "type": "filename", "uuid": "db2bfa79-63d0-424c-bd0c-9099bfdefe4e", "value": "trivy_0.69.4_macOS-ARM64" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962729", "to_ids": false, "type": "text", "uuid": "3c9c1ffe-ae38-417e-862b-9b441d6f8bea", "value": "Type Description: Mach-O\nMicrosoft: None\nVT Total Detection:11/63\nFirst Submission:2026-03-20T02:13:26.000000+00:00\nLast Submission:2026-03-20T02:13:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964950", "uuid": "5d18ad33-a11f-495d-9fed-24b8bb30ec30", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964950", "to_ids": true, "type": "md5", "uuid": "e37c3015-764c-4187-85c6-16e92278af7d", "value": "188d8592f393ce45f7273102f02efee1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964113", "to_ids": true, "type": "sha1", "uuid": "ccb50e03-bf51-41d0-9f6c-2e754708227d", "value": "59d1537bd095fb01617da08cf4bd89f72e158f9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964113", "to_ids": true, "type": "sha256", "uuid": "86c4533d-26c2-4c8d-b498-6c0a28b65482", "value": "7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962750", "to_ids": true, "type": "ssdeep", "uuid": "47861f45-8b80-4ff0-8a01-950398ee11ae", "value": "24576:rX5s7IIJ0BemXNXI9fXxovWLZg21bRecJykl3dpblLn7STR7mhiY6Dp90u2xkm9h:1+IIJ0rI9/evW5D5Ct6bYsustS1y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962750", "to_ids": false, "type": "size-in-bytes", "uuid": "52c9e017-c1b5-49ff-a516-c07e6f04357d", "value": "2316358" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962750", "to_ids": true, "type": "vhash", "uuid": "9325af72-d4af-4e4a-a763-b6663138d0a6", "value": "be8a9f7997ea000d3b62a409add18d28" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962750", "to_ids": true, "type": "filename", "uuid": "15ed636e-f128-4f3b-99bf-b75483afc4fa", "value": "telnyx-4.87.1-py3-none-any.whl" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962750", "to_ids": false, "type": "text", "uuid": "558ba93e-5484-41e8-bf02-dda9c5f1cef9", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:28/67\nFirst Submission:2026-03-27T04:02:20.000000+00:00\nLast Submission:2026-03-30T11:45:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964972", "uuid": "f9163674-1596-4513-b460-3a2a0d31b18a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964972", "to_ids": true, "type": "md5", "uuid": "4b119f2c-fc13-4b8c-9745-858b22539b30", "value": "333a1ec6eb53400986529c86423c01a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964113", "to_ids": true, "type": "sha1", "uuid": "895c72e8-12f9-42eb-9959-ab05048ce02a", "value": "0cc5bea88825df18a89576e85c06f3157f539a3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964114", "to_ids": true, "type": "sha256", "uuid": "ad31ed8d-589f-4f5e-93c2-25a2e94d1cff", "value": "7b5cc85e82249b0c452c66563edca498ce9d0c70badef04ab2c52acef4d629ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962772", "to_ids": true, "type": "ssdeep", "uuid": "8c800a89-59d5-4afd-b704-4525056147af", "value": "786432:f37sFrQTcY+S7FHZ5FQmU8ewqf5xD202B5Ct3Ev2APKgW7f5B:v7zWS7F55FQr8ewqN8oAY/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962772", "to_ids": false, "type": "size-in-bytes", "uuid": "a921d1ce-509f-46d7-aba9-f108da8c102f", "value": "160112824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962772", "to_ids": true, "type": "vhash", "uuid": "17fe8e24-0393-4344-8261-2fdcf2a57516", "value": "e840a106aec60742c59f25fa4dd95c2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962772", "to_ids": true, "type": "filename", "uuid": "fa6a2adb-04e2-4740-b96f-7ee605059f76", "value": "trivy-from-amd-1-7-6" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962772", "to_ids": false, "type": "text", "uuid": "c6289795-ad90-4fb9-b635-2b6360b5124f", "value": "Type Description: ELF\nMicrosoft: None\nVT Total Detection:8/64\nFirst Submission:2026-03-22T20:33:06.000000+00:00\nLast Submission:2026-03-24T20:48:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775964993", "uuid": "57faef09-85bc-4bb4-8dc1-d5b355a92c6a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775964993", "to_ids": true, "type": "md5", "uuid": "330f1f15-c09b-4757-9a02-df22773adc46", "value": "0f7ce2d0424d6a1a721ac5aa57905b53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964115", "to_ids": true, "type": "sha1", "uuid": "941a6986-9434-4030-93fa-e671851e29ce", "value": "a74c59bc3644b6ada14e29ff324050ef26be4cab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964115", "to_ids": true, "type": "sha256", "uuid": "ada611c2-13cd-481a-b377-4ac657ae4fd9", "value": "e4edd126e139493d2721d50c3a8c49d3a23ad7766d0b90bc45979ba675f35fea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962878", "to_ids": true, "type": "ssdeep", "uuid": "4dcaaae5-9536-4688-b286-4772cfd788e7", "value": "96:RXN2W7c5FHF2hv2JCLf0eA8JESdFyAL3MIOdFhAj2vMuCQe:R92WYflKX0elJvJL3pOqj2vZfe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962878", "to_ids": false, "type": "size-in-bytes", "uuid": "4e1def3c-6c58-48c6-8fce-2555670c1acf", "value": "5173" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962878", "to_ids": true, "type": "filename", "uuid": "f4ed7686-7ea5-4ebb-bc24-499be270b4cb", "value": "20260322T111516Z_payload_e4edd126e139493d_e4edd126e139493d.bin" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 03/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962878", "to_ids": false, "type": "text", "uuid": "a8efe9e7-9761-4a91-bab6-bcb668dec1f5", "value": "Type Description: Shell script\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:7/62\nFirst Submission:2026-03-22T14:52:07.000000+00:00\nLast Submission:2026-03-22T14:52:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775965014", "uuid": "8df7ab55-eed2-4e8f-9799-0c399a1d91b8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775965014", "to_ids": true, "type": "md5", "uuid": "de402b80-9087-4442-ac35-1c54c14498a5", "value": "284037d485efbf7c54efcc7a4ba1516b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964116", "to_ids": true, "type": "sha1", "uuid": "f6f314d5-54ce-422b-9d63-19e2a84e42e1", "value": "82eb666c9ece5162038bb6bf248add6c124369ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964116", "to_ids": true, "type": "sha256", "uuid": "0ff058dd-7fdc-4fb0-9fd8-c40145e383ad", "value": "e6310d8a003d7ac101a6b1cd39ff6c6a88ee454b767c1bdce143e04bc1113243", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962900", "to_ids": true, "type": "ssdeep", "uuid": "bcbfc623-732e-4943-81e6-bba8eecac555", "value": "786432:dmPcDLzHGkcZTYKVIavchF2C/j/zlSeKNHq04Ytff/hwKt:EPOGkceyIavchv/z9k6K" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962900", "to_ids": false, "type": "size-in-bytes", "uuid": "dbb5e6aa-53b7-4718-9a04-df49122eaf02", "value": "164752032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962900", "to_ids": true, "type": "vhash", "uuid": "9eb70235-71dc-469e-a2a2-3e12206f1580", "value": "9867bdb55fb272eb43d498fd977819a9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962900", "to_ids": true, "type": "filename", "uuid": "4a21dc55-1bf0-424a-bb24-fb6d7b7999fa", "value": "trivy_0.69.4_macOS-64bit" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962900", "to_ids": false, "type": "text", "uuid": "2adc17e0-4f5f-4e2d-905e-097e285a4efc", "value": "Type Description: Mach-O\nMicrosoft: Trojan:MacOS/SAgent!MSR\nVT Total Detection:10/62\nFirst Submission:2026-03-20T02:12:28.000000+00:00\nLast Submission:2026-03-20T02:12:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775965035", "uuid": "17408981-d6b0-4b6c-9105-c6e0240b11ae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775965035", "to_ids": true, "type": "md5", "uuid": "3e2c4353-af9d-42a7-ad06-a107809c7b75", "value": "43a466cf0d6af34e09acc03a058061ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964118", "to_ids": true, "type": "sha1", "uuid": "c6139f9d-6949-4295-9bef-5324e919068d", "value": "816ad5a1cd3f74ba9ef19bd87d61eab5018332fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964118", "to_ids": true, "type": "sha256", "uuid": "68b16a70-768e-41ae-bde2-66bd222e9396", "value": "e64e152afe2c722d750f10259626f357cdea40420c5eedae37969fbf13abbecf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962922", "to_ids": true, "type": "ssdeep", "uuid": "5bcf2827-b8e2-4a05-9274-854f295334c5", "value": "786432:W93K2jIYgE1N5m69dWEcaLVNR9VfY3wrjQuDm9s5oBlH7QSlNDw72K4Zhfu73E0S:3TH70U9BeJjw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962922", "to_ids": false, "type": "size-in-bytes", "uuid": "dd9b489b-9e5d-4a79-baca-421374ef3f30", "value": "150405304" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962922", "to_ids": true, "type": "vhash", "uuid": "9c3e9938-bc3a-4734-ac5b-7385be68e962", "value": "8ca932477f3df2975bc92944440b2676" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962922", "to_ids": true, "type": "filename", "uuid": "cdee1af9-dde4-46d2-8291-a57d845ac6f1", "value": "trivy-arm64-0.69.4" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962922", "to_ids": false, "type": "text", "uuid": "4d29a97a-ff9b-40e0-8b3c-a6c54c8cf52d", "value": "Type Description: ELF\nMicrosoft: None\nVT Total Detection:12/62\nFirst Submission:2026-03-24T20:46:41.000000+00:00\nLast Submission:2026-03-24T20:54:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775965056", "uuid": "ab56fecc-c922-4f55-9538-083d5b80e9dd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775965056", "to_ids": true, "type": "md5", "uuid": "43c8c220-4029-4028-9318-4192cb2a9440", "value": "57661aff933307dba7e2d7e7c4cc1fc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964119", "to_ids": true, "type": "sha1", "uuid": "273be584-8bbc-4cf8-9273-939445e5af59", "value": "24a2e096feccb4ddcb91ac625788734ec3b36619", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964119", "to_ids": true, "type": "sha256", "uuid": "e9954639-de5a-4d8e-99b0-a34104ee4b01", "value": "e87a55d3ba1c47e84207678b88cacb631a32d0cb3798610e7ef2d15307303c49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962943", "to_ids": true, "type": "ssdeep", "uuid": "d5d17a97-2ccb-4d92-9b18-d1c44650129d", "value": "96:RXN2W7c5FHF2hv2JCLf0eA8JESdFyAL3MIOdFhAj2VedtrMgrv:R92WYflKX0elJvJL3pOqj2V65hj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962943", "to_ids": false, "type": "size-in-bytes", "uuid": "0c13145d-0e3d-443f-9961-2793f1817976", "value": "5436" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962943", "to_ids": true, "type": "filename", "uuid": "7be42847-c5cb-4796-928a-5c429e233a1a", "value": "20260322T112017Z_payload_e87a55d3ba1c47e8_e87a55d3ba1c47e8.bin" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 03/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962943", "to_ids": false, "type": "text", "uuid": "444f3937-7764-41d6-a79e-0330127c6c28", "value": "Type Description: Shell script\nMicrosoft: Trojan:Script/Wacatac.C!ml\nVT Total Detection:4/62\nFirst Submission:2026-03-22T14:52:46.000000+00:00\nLast Submission:2026-03-22T14:52:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775965077", "uuid": "ffba87e8-b3af-433d-8d99-d6283cb85bc6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775965077", "to_ids": true, "type": "md5", "uuid": "fb26f004-989e-45dd-b2f3-9e582c17a419", "value": "8bddcad83361397840fdb1ee97d8a6a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775964120", "to_ids": true, "type": "sha1", "uuid": "b9bcd13a-22c3-449d-b78b-a7a619b76169", "value": "4004c385d39e613f6e527f912b3bf340460b1af0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775964120", "to_ids": true, "type": "sha256", "uuid": "37c14a77-19bb-4962-812e-281990c4f2d6", "value": "f7084b0229dce605ccc5506b14acd4d954a496da4b6134a294844ca8d601970d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775962987", "to_ids": true, "type": "ssdeep", "uuid": "174d8b38-29b9-45e7-9bc3-0ef71dfd63cc", "value": "786432:BhH8+H3rfU0HGPJ9o7Cwnkg7TopUxeAWqPsiyrm5:7H8CjUHPJVwkg7TILib" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775962987", "to_ids": false, "type": "size-in-bytes", "uuid": "bf99fa4c-9291-47f5-92a2-4167f8ed002e", "value": "149774520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775962987", "to_ids": true, "type": "vhash", "uuid": "ad495250-bc4b-49a3-abc9-27cdd30668ad", "value": "bed0051c03c0b002224d3a09f64bb907" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775962987", "to_ids": true, "type": "filename", "uuid": "c1d5852d-bf80-4ff8-aae4-2655ac4bdae7", "value": "trivy_0.69.4_Linux-32bit" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775962987", "to_ids": false, "type": "text", "uuid": "7a47dd4d-213c-44b6-b606-15386c23d028", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/CanisterWorm!MTB\nVT Total Detection:16/65\nFirst Submission:2026-03-20T02:11:33.000000+00:00\nLast Submission:2026-03-25T16:10:04.000000+00:00" } ] } ] } }