{
  "Event": {
    "analysis": "1",
    "date": "2026-04-17",
    "extends_uuid": "",
    "info": "[Threat Intel] Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign",
    "protected": false,
    "publish_timestamp": "1776767268",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1776767268",
    "uuid": "a610a894-814e-43bf-b6f9-6c37c770f0f9",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#7223eb",
        "local": false,
        "name": "misp-galaxy:producer=\"Fortinet\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"",
        "relationship_type": ""
      },
      {
        "colour": "#790faf",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Direct Network Flood - T1498.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#9c8729",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Create or Modify System Process - T1543\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Services Registry Permissions Weakness - T1574.011\"",
        "relationship_type": ""
      },
      {
        "colour": "#b2a633",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"",
        "relationship_type": ""
      },
      {
        "colour": "#a4da83",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Cron - T1053.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#aad818",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SSH - T1021.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#8f36b9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Reflection Amplification - T1498.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#f5a258",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#5780f7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Default Accounts - T1078.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#7628f7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#e12cbc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
        "relationship_type": ""
      },
      {
        "colour": "#30cc3b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a0cbec",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Systemd Service - T1543.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bd28",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:botnet=\"Mirai\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682821",
        "to_ids": false,
        "type": "link",
        "uuid": "b16426e1-9a73-4a7d-8c03-6c62590cd095",
        "value": "https://www.fortinet.com/blog/threat-research/tracking-mirai-variant-nexcorium-a-vulnerability-driven-iot-botnet-campaign"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682821",
        "to_ids": false,
        "type": "text",
        "uuid": "4f5b01ac-f75f-4283-97a4-7ada99ef3190",
        "value": "Nexcorium is a multi-architecture Mirai variant that exploits CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms, including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood, among others. The botnet spreads through brute-force attacks using default credentials and by exploiting CVE-2017-17215 in Huawei HG532 devices, behaviour typical of IoT-focused botnets."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682821",
        "to_ids": false,
        "type": "text",
        "uuid": "192b5941-890e-4055-877b-1036285a9a0e",
        "value": "Name: Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign\nAuthor: AlienVault\nAdversary: Nexus Team\nTags: [\"cve-2024-3721\", \"mirai variant\", \"mirai\", \"persistence mechanisms\", \"iot botnet\", \"multi-architecture\", \"credential brute-force\", \"tbk dvr exploitation\", \"nexcorium\", \"ddos attacks\", \"cve-2017-17215\"]\nTargeted countries: []\nMalware families: [\"Nexcorium\", \"Mirai\"]\nAttack_ids: [\"T1110.001\", \"T1129\", \"T1498.001\", \"T1543\", \"T1574.011\", \"T1489\", \"T1053.003\", \"T1021.004\", \"T1498.002\", \"T1106\", \"T1190\", \"T1078.001\", \"T1059\", \"T1059.004\", \"T1095\", \"T1070.004\", \"T1071.001\", \"T1543.002\", \"T1046\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682821",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "07fa20df-5c26-4a55-a1d4-404ea4b2a983",
        "value": "Nexus Team"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682821",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "b9d0b9c0-7db4-4b0e-b257-153cfa8a3b6b",
        "value": "CVE-2017-17215"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682821",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "a92e89ee-d490-4cf2-b656-a2d418910d85",
        "value": "CVE-2024-3721"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735833",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "afe6b5b4-0b86-4f57-9fb6-334ec1539958",
        "value": "176.65.148.186",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:21/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735713",
        "to_ids": true,
        "type": "sha256",
        "uuid": "80531c4c-1448-4402-92dc-eb2db57508cd",
        "value": "29404df12a7723ce46c8b199c88a808aa315dd8ff8fd1e06a34ccd3d16f4553b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:21/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735713",
        "to_ids": true,
        "type": "sha256",
        "uuid": "361df455-6aa0-4a96-8948-e3865eca4996",
        "value": "37132e804ccb3fc4ba1f72205da70c3d7a6e66b43178707a9d8ee1156d815c21",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:21/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735715",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8540a654-b071-46bf-adb8-84782520d422",
        "value": "721c7cb2109ec97c14413cb8b58ddce0ecf0c1f13f22ee4f72eed79b57592cf5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:21/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735715",
        "to_ids": true,
        "type": "sha256",
        "uuid": "c24cfbf6-db21-428b-8e2e-86e07ca25697",
        "value": "7c01d5b53861cd34e10a79fdea16dcf08bce9c78ed72abd6d6f3e9ce75a24734",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:21/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735716",
        "to_ids": true,
        "type": "sha256",
        "uuid": "97ffc236-2e84-49cc-8351-171e4b03f719",
        "value": "b1274de00a7f3d7ab9792ec3456e9d5bf057738666f34183f1d72060e2d4f678",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735854",
        "to_ids": true,
        "type": "hostname",
        "uuid": "78c02718-1dab-4065-a7dc-8903abd7287b",
        "value": "r3brqw3d.b0ats.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735875",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "cef59c99-05e6-444a-b45e-bc337e98644c",
        "value": "84.200.87.36",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776735896",
        "uuid": "01ae2f5d-432e-45f6-91f0-0464ab3150ec",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776735896",
            "to_ids": true,
            "type": "md5",
            "uuid": "77583ebe-5a4e-40da-86e1-cc8e60e7a052",
            "value": "aaed4dca8bd6bb42fc4efb358a02a554",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735704",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ba17a4ff-45cd-4d3e-9987-aec9174332f4",
            "value": "ebdae1b6a28589ecc8d84557f0e83963396291cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735704",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4b1145b5-9f16-484c-a1af-77720746dd95",
            "value": "89dae116c77b0035277d39dfe01043624427c119ddee8883a3ba54a42a6ae400",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733154",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dc7a87c3-72e7-4541-929c-63d1565bc50c",
            "value": "3072:9NbRhFmOJME21s1NRsMnGN50fsrEmtOltc6:9NNhGyf3K5vtOltc6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733154",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c2eeb1c3-9755-461e-9c17-961e68214238",
            "value": "106696"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733154",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a2c8055a-7ae4-4977-80a3-bd9c5938d8ae",
            "value": "397d54c63083e25930f53124b80ac614"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733154",
            "to_ids": true,
            "type": "filename",
            "uuid": "06a6dbcf-d80c-4ffd-b070-81714d63574e",
            "value": "89dae116c77b0035277d39dfe01043624427c119ddee8883a3ba54a42a6ae400.elf"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733154",
            "to_ids": false,
            "type": "text",
            "uuid": "0cbac885-972a-483f-91e0-e3774594ecdd",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Multiverze!rfn\nVT Total Detection:35/65\nFirst Submission:2026-01-10T11:15:01.000000+00:00\nLast Submission:2026-01-13T20:32:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776735917",
        "uuid": "9d7225f5-6b1f-45d3-9d9e-0a52c426539c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776735917",
            "to_ids": true,
            "type": "md5",
            "uuid": "2bf2896f-4be5-4b49-a386-c9857a0be7b8",
            "value": "353874dd1e12a7f67ba4f7ecbcbcb2af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735705",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0aee7a63-d82f-4e16-8381-f9a18fd55463",
            "value": "98d2ef26e37be7f8e0c9b1b45329a5288c832ea1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735705",
            "to_ids": true,
            "type": "sha256",
            "uuid": "01c30cfb-f11f-48f3-961c-35ada54e30ef",
            "value": "696aeb6321313919f0a41a520e6fa715450bbfb271a9add1e54efe16484a9c35",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733176",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0cfb1d4d-dc9e-41bb-a086-67964df00ae1",
            "value": "12:8nefAFeR2Pnx9AFxzKXEv8nS8NIxAFSMsQnSf+AFSAKsS/PhHAPbUPkAt/NgA067:8WsP7f28hNIxISWXAKz/PlTPkE/Ng87"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733176",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "54b2209c-b92c-4809-9c32-a37fe0db72ec",
            "value": "646"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733176",
            "to_ids": true,
            "type": "filename",
            "uuid": "0e340083-3062-4e54-8d66-8fe2c04f315d",
            "value": "84.200.87.36_sample.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733176",
            "to_ids": false,
            "type": "text",
            "uuid": "8231e553-faf6-48f9-ba30-f9ad667f9cfd",
            "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:26/62\nFirst Submission:2026-01-11T02:05:29.000000+00:00\nLast Submission:2026-01-11T03:38:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776735938",
        "uuid": "b24fdcea-c549-45e2-9bd8-734e001c0964",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776735938",
            "to_ids": true,
            "type": "md5",
            "uuid": "00c6c80c-ab80-4aa2-bb06-56d1fa757280",
            "value": "8f990521c339969ffb8721db45409c23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735706",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8520e0e4-b9fc-4450-9248-acd26d11f5f9",
            "value": "84d5cd37a6edf61b92dc9cc785b2aa65a6283b97",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735706",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4fa10950-b3d5-4512-a994-3af042a4ee28",
            "value": "0b510f93f47590791626d2fa74ddd62ba6eb8a5a5bb7b8476c0ceffc7be94ebe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733198",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b19edc9f-b85f-436c-ad84-2d88a76e9118",
            "value": "3072:gPWeRZJ0TE1XVgVrNybfj4AI+EVIKJuRnFOtkQ:BYZGTEBiTyDj4AFEiiuRnFOtk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733198",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2976e45c-1f00-4929-96e3-e71b1399ba8f",
            "value": "114012"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733198",
            "to_ids": true,
            "type": "vhash",
            "uuid": "26f39d55-6437-4f0d-b765-cc5d3cfd05f0",
            "value": "426177b03c790aee4e600a6d3ca1675e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733198",
            "to_ids": true,
            "type": "filename",
            "uuid": "dd6a30bd-a3cc-4ea0-9b23-2979443dc803",
            "value": "60956"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733198",
            "to_ids": false,
            "type": "text",
            "uuid": "894b928d-668c-47e2-9463-81fd06b627a6",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Mirai.FO!MTB\nVT Total Detection:34/64\nFirst Submission:2026-01-10T11:15:07.000000+00:00\nLast Submission:2026-01-11T02:05:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776735959",
        "uuid": "71e9c138-23bf-4449-a90b-23177fd0ee64",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776735959",
            "to_ids": true,
            "type": "md5",
            "uuid": "616f37f1-ba77-4bd5-85b4-f3580473b77b",
            "value": "b984cde54476cb9470f8828af8070aec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735707",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4ca9f2c8-d656-44ae-b49c-5b866b0a1561",
            "value": "7e41dbd45ac957e35ca6b1a418276b3e2b431d3f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735707",
            "to_ids": true,
            "type": "sha256",
            "uuid": "95bb2c34-ff49-4eee-b0dd-b7499941b731",
            "value": "2ccf23b8165e8c05899aa7ba4755b896ebf1d20d3b701cffdc768482486b0a74",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733241",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a4400e84-b463-404e-b613-b89474df897b",
            "value": "1536:kmJIWDEdz8xUmKlf1MwK9ezpQfpCBdnm8fMVdbZibYdy/MCAOvhC8G0Zgm3hMmCE:k0IWo+xUQd+dnNfebE/gkhMTFOtCP6h"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733241",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "39fb1f49-0da2-489b-a39a-e77d2d9ce37e",
            "value": "156536"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733241",
            "to_ids": true,
            "type": "vhash",
            "uuid": "daf5f170-1f92-48c3-8afa-486264ad8b0f",
            "value": "fd8d61116e2bf5a724a94e7a3be4ff8d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733241",
            "to_ids": true,
            "type": "filename",
            "uuid": "c0126c15-7740-458f-bc61-4ee4729358cf",
            "value": "2ccf23b8165e8c05899aa7ba4755b896ebf1d20d3b701cffdc768482486b0a74.elf"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733241",
            "to_ids": false,
            "type": "text",
            "uuid": "161b081a-7503-42d0-a2fa-25cedad4f1ee",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Gafgyt.W!MTB\nVT Total Detection:34/64\nFirst Submission:2026-01-10T11:15:09.000000+00:00\nLast Submission:2026-01-11T02:05:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776735981",
        "uuid": "607ae85d-0057-46b2-8c18-176c22730832",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776735981",
            "to_ids": true,
            "type": "md5",
            "uuid": "08392f40-8b06-4b3a-a73d-1f8cda9bf97d",
            "value": "b53c74c140282a6f3b4142853aa9c3fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735709",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bb314777-c0ab-404f-ab0b-35905e7b6871",
            "value": "a711405fd6c3ab1679ece32dc86a689e5995fb20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735709",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f7908d0d-1f55-43f1-b8c0-1d36c979325d",
            "value": "838e35b62a6b38675e467301166cdcc54f98d528fe43d56936caeffec88ac696",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733326",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2427f0d1-689d-4447-9233-44f0bdbe330c",
            "value": "3072:eMTgbwowhqmg3JK1oTor1o8V53HJW2SyQ/FOtqwI:eMTgUo0qmg3hMr1o8vXE7BFOtqwI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733326",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cb3ac496-93d2-498b-8007-78ef1fae8a2d",
            "value": "154664"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733326",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d3c9a3ca-c5b5-4cfe-9009-060ce394273f",
            "value": "fc7e3765fca30728af4e7f15eb3a548f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733326",
            "to_ids": true,
            "type": "filename",
            "uuid": "367a4887-30d4-4ce9-a619-6be268c5be47",
            "value": "838e35b62a6b38675e467301166cdcc54f98d528fe43d56936caeffec88ac696.elf"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733326",
            "to_ids": false,
            "type": "text",
            "uuid": "e8432de5-7d7c-4802-8f6f-44dcf5468fbd",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Gafgyt.X!MTB\nVT Total Detection:33/64\nFirst Submission:2026-01-10T11:14:16.000000+00:00\nLast Submission:2026-01-11T02:05:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776736002",
        "uuid": "cbd1d825-47e6-4503-823b-3724ca8168dc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776736002",
            "to_ids": true,
            "type": "md5",
            "uuid": "4ff77f8e-0b4c-4591-8205-defcb5df1d14",
            "value": "ff83e586efff45f0640e277c1c641f0e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735709",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fa22beac-7e74-4cda-9d4a-635000e5de38",
            "value": "5e1980376f31ead33036569021acf42911bd3bd8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735709",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f87a732b-f5b7-42a3-afab-37177b0c7d39",
            "value": "95d1eb12d58206319c514c7240d058c512bb22b31f6ea22ed8be3ae44305c9f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733347",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "220c3a7e-eca7-4782-96c4-1a2089ec7f7d",
            "value": "3072:iZKkQ9Wnv49n8hr8xkVwOJjn/sTVOFgTh5NcRLoXFOb5Hy:GKtWrjkzFOb5Hy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733347",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "05e01c0e-4cd4-4233-b9a6-fb6b0514044c",
            "value": "114907"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733347",
            "to_ids": true,
            "type": "vhash",
            "uuid": "23f6c79a-a4ad-42ae-b12b-09ce6e81ce3f",
            "value": "28044472b499975a58a246e4b5977acb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733347",
            "to_ids": true,
            "type": "filename",
            "uuid": "fc1c6d74-ab5e-4f50-98e7-b73343bff586",
            "value": "95d1eb12d58206319c514c7240d058c512bb22b31f6ea22ed8be3ae44305c9f7.elf"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733347",
            "to_ids": false,
            "type": "text",
            "uuid": "38a35079-aba0-436b-bf32-acf0f8f58cef",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Gafgyt.BY!xp\nVT Total Detection:29/64\nFirst Submission:2026-01-10T11:15:02.000000+00:00\nLast Submission:2026-01-11T02:05:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776736023",
        "uuid": "b31be28a-5d59-49b6-92b3-035a4c0dbe91",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776736023",
            "to_ids": true,
            "type": "md5",
            "uuid": "037a1e30-b2a2-466c-81e1-4887d1359598",
            "value": "b530ad3f176b30bc66a05667d4b42867",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735710",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ba0949be-7a04-44b8-822a-b071ef48e64a",
            "value": "3ac2485dc79ceef78a66c74103fd9abe2c986b12",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735710",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3867f2b4-6cef-433e-858d-9b86c215f246",
            "value": "9b805585c457811d2c5c5664ede9ee869b53e3c9999100505d7ee8de7f855fdf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733369",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "78f5842d-0926-432f-82b4-aa8e102bdbf7",
            "value": "3072:ufd32uZ4iuGwgPCp5anJuGsHv5eTdEvzdolSlFOt9R:AL4iHwgPCvaJuGKcTdkzdHlFOt9R"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733369",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "599ae205-b372-4b0c-bb1b-da2a9d81e936",
            "value": "125660"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733369",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1d18c0cb-047a-4dc3-bc0e-f575c967eb43",
            "value": "8392799d7739ad72225fd3b9fa512aa9"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733369",
            "to_ids": true,
            "type": "filename",
            "uuid": "1020e16c-1e4d-4441-af86-06b62b704ff4",
            "value": "9b805585c457811d2c5c5664ede9ee869b53e3c9999100505d7ee8de7f855fdf.elf"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733369",
            "to_ids": false,
            "type": "text",
            "uuid": "6b369410-f6e7-4e65-8571-b34c4f32edc7",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Mirai.DA!MTB\nVT Total Detection:32/64\nFirst Submission:2026-01-10T11:15:03.000000+00:00\nLast Submission:2026-01-11T02:05:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776736045",
        "uuid": "54bd19b4-d109-4d46-bfb9-dfe85765fe77",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776736045",
            "to_ids": true,
            "type": "md5",
            "uuid": "3b5cd154-08e1-44de-9f9d-316d1e888d3c",
            "value": "a482e2a5a5a8fcc38b6be25ab0f773d3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735711",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8f44b384-fc51-4d94-ba11-dd8d647b149f",
            "value": "eaaf811ad8ddd1f3380614c822ddec6943ccce9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735712",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4901fcd8-c62b-493a-a582-85b694db5864",
            "value": "e4789416c35b345e75c023a8c07c207c79937c6a5444e1c29d85d18d2f660d8c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733412",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "14fb498b-bbf6-4d02-ab7d-1cd8df2468fa",
            "value": "3072:rhIaPXvqDT5XtgVfNrFpuGA2lrSjDX6FOtk:WiXSDTd6frFpuB2xoX6FOtk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733412",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "98a61415-2252-42f3-9365-4dbdde43a1d8",
            "value": "117556"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733412",
            "to_ids": true,
            "type": "vhash",
            "uuid": "121a075a-ad1d-4027-84ad-e19dab93281c",
            "value": "426177b03c790aee4e600a6d3ca1675e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733412",
            "to_ids": true,
            "type": "filename",
            "uuid": "7fec669a-7db1-49ae-99d4-e1d923b9797d",
            "value": "pwms4t.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733412",
            "to_ids": false,
            "type": "text",
            "uuid": "02a087ac-b2a7-45ce-beb0-26b683f4ec77",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Mirai.HH!MTB\nVT Total Detection:35/64\nFirst Submission:2026-01-10T11:15:07.000000+00:00\nLast Submission:2026-01-11T02:05:28.000000+00:00"
          }
        ]
      }
    ]
  }
}