{
  "Event": {
    "analysis": "1",
    "date": "2026-03-31",
    "extends_uuid": "",
    "info": "[Threat Intel] Axios NPM Distribution Compromised in Supply Chain Attack",
    "protected": false,
    "publish_timestamp": "1775975027",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1775975027",
    "uuid": "b287b6ad-0f93-4e66-8f39-d54bcea32faa",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#52774b",
        "local": false,
        "name": "misp-galaxy:producer=\"Wiz Blog\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#201172",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Dependencies and Development Tools - T1195.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7628f7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d37d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#30cc3b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005e",
        "local": false,
        "name": "rectifyq:topic=\"supply-chain\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775098827",
        "to_ids": false,
        "type": "link",
        "uuid": "635e7aed-4f8d-4a90-bce4-b454958a7368",
        "value": "https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attack"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775098827",
        "to_ids": false,
        "type": "text",
        "uuid": "d99ff6ab-178e-4f80-b9ef-5f45e87750d2",
        "value": "An unknown threat actor compromised the npm account of an axios maintainer, publishing two malicious versions of the package. These versions introduced a dependency on plain-crypto-js, a newly created malicious package. Despite quick removal, axios's widespread usage led to rapid exposure. The malicious package includes a dropper that downloads and executes platform-specific second-stage payloads, functioning as remote access trojans. These payloads can execute remote shells, inject binaries, browse directories, list processes, and perform system reconnaissance. Organizations are advised to audit their environments, remove malicious artifacts, rotate exposed credentials, investigate potential compromise paths, and monitor for suspicious activity."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775098827",
        "to_ids": false,
        "type": "text",
        "uuid": "0dfe3825-80f5-4f7b-af8b-0ef24766698a",
        "value": "Name: Axios NPM Distribution Compromised in Supply Chain Attack\nAuthor: AlienVault\nAdversary: \nTags: [\"npm\", \"remote access trojan\", \"supply chain attack\", \"axios\", \"credential compromise\", \"plain-crypto-js\"]\nTgtd countries: []\nMlwr families: []\nAttack_ids: [\"T1053.005\", \"T1195.001\", \"T1082\", \"T1055\", \"T1059\", \"T1083\", \"T1057\", \"T1059.001\", \"T1547.001\", \"T1059.004\", \"T1027\", \"T1059.006\", \"T1070.004\", \"T1071.001\", \"T1105\"]\nIndustries: []"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 2026-04-12",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775973305",
        "to_ids": true,
        "type": "sha256",
        "uuid": "88608420-36db-43b9-be3f-af90468cd157",
        "value": "59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775973345",
        "to_ids": true,
        "type": "domain",
        "uuid": "1c0afc4d-5b1a-4cbd-8344-c15c033aa55a",
        "value": "sfrclak.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
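        "comment": "NOTE(review): 'ld.py' also reads as a Python script filename (.py is a valid ccTLD, so the string parses as a domain); confirm it is a network indicator before relying on to_ids for blocking or alerting.",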
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775973367",
        "to_ids": true,
        "type": "domain",
        "uuid": "9dea2d22-86b2-4ad4-bd7d-fe9321692d37",
        "value": "ld.py",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 2026-04-12",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775973306",
        "to_ids": true,
        "type": "sha1",
        "uuid": "679adafb-1fbe-448d-b892-1bc4277a887e",
        "value": "d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775973388",
        "to_ids": true,
        "type": "domain",
        "uuid": "efa6744e-3cec-4992-8d20-6cbe80a5ee2e",
        "value": "callnrwise.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775973409",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "656c7fcb-d644-457a-839f-6fa2c4f155c5",
        "value": "142.11.206.73",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775973430",
        "to_ids": true,
        "type": "url",
        "uuid": "fbe92766-8fc6-41c7-abe8-ee9de331471e",
        "value": "http://sfrclak.com:8000/6202033",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775970253",
        "to_ids": true,
        "type": "email-src",
        "uuid": "6fc1d534-a3ca-4441-a320-c78e38c0a4be",
        "value": "ifstap@proton.me"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775970253",
        "to_ids": true,
        "type": "email-src",
        "uuid": "99d0847d-7b27-4f60-9601-47b669fada0f",
        "value": "nrwise@proton.me"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775973452",
        "uuid": "62eef7c6-718d-472c-b597-35539772ae98",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775973452",
            "to_ids": true,
            "type": "md5",
            "uuid": "c5ae8358-f322-48b6-a1f9-a482ca871e71",
            "value": "db7f4c82c732e8b107492cae419740ab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775973294",
            "to_ids": true,
            "type": "sha1",
            "uuid": "25b70bbf-ff9e-4b73-b243-c4052d91459d",
            "value": "07d889e2dadce6f3910dcbc253317d28ca61c766",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775973294",
            "to_ids": true,
            "type": "sha256",
            "uuid": "081578a2-ccbd-491e-a1d4-4a8633b90fb0",
            "value": "58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775972343",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "33917a49-53c1-4d86-8c1c-8f04e9ec6b8f",
            "value": "1536:uXG6U0Qn6xK9yaoMZ2NUX6KX1hkKAqFlsaPXOdV2VLbgQvMjCtVpWl+0iium82FM:uWD6MIMAiDXoL6wQg9jQVElKI82Te"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775972343",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d75f0ee1-aaab-47a7-ab30-d9ba31e0bd25",
            "value": "89868"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775972343",
            "to_ids": true,
            "type": "vhash",
            "uuid": "61195651-e31e-49a7-b654-b269ac9b7c16",
            "value": "cd8e4404877b2b40dc62d177414fd4bb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775972343",
            "to_ids": true,
            "type": "filename",
            "uuid": "23ca2012-74db-4c39-9a75-a8ae5e8ae02a",
            "value": "58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668.gz"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-04-12\nLast-scan: 2026-04-11",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775972343",
            "to_ids": false,
            "type": "text",
            "uuid": "cfaff22e-5cd7-4127-83bd-3f954eedbfdf",
            "value": "Type Description: GZIP\nMicrosoft: TrojanDownloader:JS/TalonStrike.D!dha\nVT Total Detection:34/63\nFirst Submission:2026-03-31T02:57:22.000000+00:00\nLast Submission:2026-04-08T05:57:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775973473",
        "uuid": "8787313f-c260-43ed-9555-d7d063d8c7d2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775973473",
            "to_ids": true,
            "type": "md5",
            "uuid": "2fd7491b-b950-45a3-acba-8b9a519927ea",
            "value": "21d2470cae072cf2d027d473d168158c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775973295",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a74b38c3-cb88-4609-88b0-1aed600e01f9",
            "value": "2553649f2322049666871cea80a5d0d6adc700ca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775973295",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f671b350-dd2f-4a11-934b-3c492e48555a",
            "value": "5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775972386",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e1840b2e-9b25-42ea-9d84-69c2dc4ff187",
            "value": "12288:zU1Bd73ORJcXLJGfqLAbDfvIoKi08KAS453HbUyFdDn7xkB8xdUbH:u3jNGfSuLvIqKAjh7b7x+MUz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775972386",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7f45edc9-8073-4a50-9ba3-8c963593f892",
            "value": "630301"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775972386",
            "to_ids": true,
            "type": "vhash",
            "uuid": "eb18352e-e06e-4cc9-af15-311eed17d217",
            "value": "e5935c4c7d3cc2883bd14332f5e3ea18"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775972386",
            "to_ids": true,
            "type": "filename",
            "uuid": "d53cadb3-25d7-4de4-9b1f-0256359de373",
            "value": "axios-1.14.1.tgz"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-04-12\nLast-scan: 2026-04-10",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775972386",
            "to_ids": false,
            "type": "text",
            "uuid": "fb7eaf95-2bf7-4cd8-bb73-0c4e6a050cf9",
            "value": "Type Description: GZIP\nMicrosoft: None\nVT Total Detection:22/63\nFirst Submission:2026-03-31T04:08:34.000000+00:00\nLast Submission:2026-04-07T10:40:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775973494",
        "uuid": "89b866e0-cf8f-4fd5-b66d-349d38b7c105",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775973494",
            "to_ids": true,
            "type": "md5",
            "uuid": "e35fcb6d-3043-423a-a22f-972119f9321a",
            "value": "04e3073b3cd5c5bfcde6f575ecf6e8c1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775973296",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ccbd036c-c3f1-47c1-952d-6e39cf371e7f",
            "value": "a90c26e7cbb3440ac1cad75cf351cbedef7744a8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775973296",
            "to_ids": true,
            "type": "sha256",
            "uuid": "22636747-a36e-4f97-b52b-b09bb08a0245",
            "value": "617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775972407",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0d33e43a-64a4-4193-baa9-872bb0779d92",
            "value": "192:b9u9gG89mD+SOzuahCnGX1pybp0j5PWFmFBiMluIY26qb7cTOXAWumPTvCfuYRNI:b4KG8MwzuaEnGDPWFsBiM9Yy/LCfj7H6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775972407",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2fe8179e-2536-46ff-aa64-a37a21345fbe",
            "value": "11042"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775972407",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2c169e70-0ed0-4a34-b091-64fbb1241853",
            "value": "58929cf2b703de329505bcef391d8dcb"
          },
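          {
            "category": "Payload delivery",
            "comment": "File name is the SHA-256 of this object plus an extension, which suggests a sample-repository name rather than the on-disk name (not confirmed by the source). Matching on it adds nothing beyond the sha256 attribute.",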
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775972407",
            "to_ids": true,
            "type": "filename",
            "uuid": "6eab85d8-d85d-46a4-870b-a916b48603d7",
            "value": "617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  11/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775972407",
            "to_ids": false,
            "type": "text",
            "uuid": "d98c39e1-6867-436d-9161-290667d39799",
            "value": "Type Description: Powershell\nMicrosoft: Backdoor:PowerShell/TalonStrike.B!dha\nVT Total Detection:35/62\nFirst Submission:2026-03-31T02:52:21.000000+00:00\nLast Submission:2026-04-02T07:10:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775973516",
        "uuid": "1b599998-9743-478d-8645-a853ed1eaae6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775973516",
            "to_ids": true,
            "type": "md5",
            "uuid": "da398531-ffda-4c09-bea8-7a4db12354c7",
            "value": "7a9ddef00f69477b96252ca234fcbeeb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775973297",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7d0248c8-6e3a-4083-9e7c-72c8bd958ad9",
            "value": "13ab317c5dcab9af2d1bdb22118b9f09f8a4038e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775973297",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2cc12887-2a0a-4aa8-a551-b6042972d554",
            "value": "92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775972429",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2293e914-78ca-424e-ba81-add4eb0dbf00",
            "value": "6144:xjazCtUlrLxJnzsOOAx2Y+AktJgRESAtxVZS63vYdCzsbAkuNjepym:xjazCtyJcYKgRESAT93AdUjepym"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775972429",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1bde0519-ff74-46a0-9ffa-b34de28c34af",
            "value": "657424"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775972429",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6c827647-034d-4f7d-b32f-2bf0516ae76d",
            "value": "5888402d25bc5f77c7c3d92ca5d30997"
          },
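          {
            "category": "Payload delivery",
            "comment": "File name is the SHA-256 of this object plus an extension, which suggests a sample-repository name rather than the on-disk name (not confirmed by the source). Matching on it adds nothing beyond the sha256 attribute.",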
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775972429",
            "to_ids": true,
            "type": "filename",
            "uuid": "4c043baa-573a-4c51-95be-82ce44f6c801",
            "value": "92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a.macho"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  12/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775972429",
            "to_ids": false,
            "type": "text",
            "uuid": "ca9a181d-853f-4864-9843-ca2d526cacf1",
            "value": "Type Description: Mach-O\nMicrosoft: Backdoor:MacOS/TalonStrike.A!dha\nVT Total Detection:36/64\nFirst Submission:2026-03-31T01:05:29.000000+00:00\nLast Submission:2026-04-08T14:55:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775973537",
        "uuid": "6588edfb-7305-47e5-a1a3-1ea0eb610c96",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775973537",
            "to_ids": true,
            "type": "md5",
            "uuid": "192764ff-3609-4fd8-9238-ea006f239f94",
            "value": "9663665850cdd8fe12e30a671e5c4e6f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775973298",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1cde05b6-e472-4748-b0b3-57cd64225ecb",
            "value": "59faac136680104948e083b3b67a70af9bfa5d5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775973298",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e13cd437-e0e8-4456-a2ad-063808cb9168",
            "value": "fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775972451",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "38bd64e3-468f-435b-9422-66ffbb60523a",
            "value": "192:V+OTSQFF3MjzSCII7s32HaYo5uuFe0+60U2WICd/tPQTnd/Y+cLL2dPj47Hp79Bb:V+OTJRCII7sRdI8mT+IkUAsQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775972451",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a6b682f5-1444-4e8c-86c8-b8882c2fe4fb",
            "value": "12323"
          },
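          {
            "category": "Payload delivery",
            "comment": "File name embeds the SHA-256 of this object, which suggests a sample-repository name rather than the on-disk name (not confirmed by the source). Matching on it adds nothing beyond the sha256 attribute.",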
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775972451",
            "to_ids": true,
            "type": "filename",
            "uuid": "f56cad0a-c1a1-4763-9ea3-c08946b73e12",
            "value": "__fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf.py"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  11/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775972451",
            "to_ids": false,
            "type": "text",
            "uuid": "8530a09d-aaf1-4c53-b65e-2a562c756cdb",
            "value": "Type Description: Python\nMicrosoft: Backdoor:Python/TalonStrike.C!dha\nVT Total Detection:36/63\nFirst Submission:2026-03-31T02:52:31.000000+00:00\nLast Submission:2026-04-08T13:20:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775973559",
        "uuid": "2f30cf9a-1b70-4101-b50e-a51f26982d9b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775973559",
            "to_ids": true,
            "type": "md5",
            "uuid": "dd0ed048-ae52-49cf-9cf3-c5de682290cf",
            "value": "7658962ae060a222c0058cd4e979bfa1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775973300",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3203c2a4-ff77-4573-b8ef-3a1f4fc73053",
            "value": "b0e0f12f1be57dc67fa375e860cedd19553c464d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775973300",
            "to_ids": true,
            "type": "sha256",
            "uuid": "26efa9e3-3296-484f-9284-377387c58815",
            "value": "e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775972473",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "27c14bef-4704-4ae8-9666-739cfb126428",
            "value": "96:V0BwY31H/x2Nov7NMUtjlNU0kCsSuckO6Jg5yD8pm:V07H/x2NSBNxjl4S9t5yopm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775972473",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "802aaa2f-bf49-4482-9abb-49c05c72e98b",
            "value": "4209"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775972473",
            "to_ids": true,
            "type": "vhash",
            "uuid": "08ceef27-a295-4ba0-b240-b78f83ed75d5",
            "value": "38941ec9dea7b975f11cc8643b2a9926"
          },
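          {
            "category": "Payload delivery",
            "comment": "Generic file name that also occurs in benign software. Use it as context for the hashes in this object, not as a standalone detection.",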
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775972473",
            "to_ids": true,
            "type": "filename",
            "uuid": "168d07ff-46c8-4466-8ec2-d83572fb0357",
            "value": "setup.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  11/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775972473",
            "to_ids": false,
            "type": "text",
            "uuid": "fa67f3fe-7ce8-4f97-8dbb-d407514a235a",
            "value": "Type Description: JavaScript\nMicrosoft: TrojanDownloader:JS/TalonStrike.D!dha\nVT Total Detection:34/62\nFirst Submission:2026-03-31T04:19:15.000000+00:00\nLast Submission:2026-04-10T03:39:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775973580",
        "uuid": "52d2c833-5947-4b4f-9649-0a0ea41090ed",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775973580",
            "to_ids": true,
            "type": "md5",
            "uuid": "58526d25-92a9-4487-a450-603b1c5f87f6",
            "value": "089e2872016f75a5223b5e02c184dfec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775973301",
            "to_ids": true,
            "type": "sha1",
            "uuid": "12de41d5-8369-4b6c-9d4d-61a212c15af6",
            "value": "978407431d75885228e0776913543992a9eb7cc4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775973301",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5e18c25d-02de-498c-bf72-bae0de9f505d",
            "value": "f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775972494",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "efd44cee-d224-48dc-9aa2-0cafb6b19fa7",
            "value": "6:rz8SFXF+RLgyKBM3S1z+ILh8JkziZw1T34WSV2o4VhRUaep1T34W0:X8+ERLgyaIS1HGuziZwh2MhXsh0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775972494",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d9a815ee-7cd4-4cf6-bfae-87259a89895f",
            "value": "265"
          },
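          {
            "category": "Payload delivery",
            "comment": "File name is the SHA-256 of this object plus an extension, which suggests a sample-repository name rather than the on-disk name (not confirmed by the source). Matching on it adds nothing beyond the sha256 attribute.",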
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775972494",
            "to_ids": true,
            "type": "filename",
            "uuid": "c9a0e22e-735f-4459-a324-9b093b7e92ec",
            "value": "f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  12/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775972494",
            "to_ids": false,
            "type": "text",
            "uuid": "fd33e5c2-80a2-4d4f-a45f-d559dde2da34",
            "value": "Type Description: Powershell\nMicrosoft: TrojanDownloader:BAT/TalonStrike.F!dha\nVT Total Detection:34/62\nFirst Submission:2026-03-31T02:26:44.000000+00:00\nLast Submission:2026-04-10T09:14:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775973602",
        "uuid": "c02dc18f-dc3f-499e-9f99-7543ce54c183",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775973602",
            "to_ids": true,
            "type": "md5",
            "uuid": "9c984cb7-4b40-467c-9ee6-78e7421ac815",
            "value": "8c782b59a786f18520673e8d669e3b0a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775973303",
            "to_ids": true,
            "type": "sha1",
            "uuid": "92b7551d-e7d2-4b42-aa3e-b7f14acbeb5f",
            "value": "ae39c4c550ad656622736134035f17ca7a66a742",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775973303",
            "to_ids": true,
            "type": "sha256",
            "uuid": "94a7e698-0f2a-48e9-bf3d-8206ddd857c3",
            "value": "e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775972516",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ed6d1bd6-1393-4ddc-812a-2036b3a31f36",
            "value": "6:rz8SFXF+RLgyKBM3S1z+ILh8JkziCVAV2o4VhRUaeq:X8+ERLgyaIS1HGuziCqVMhXn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775972516",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a2c1cb6b-0c4f-46b4-930a-27d1c8949e4e",
            "value": "203"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775972516",
            "to_ids": true,
            "type": "filename",
            "uuid": "7bc05274-9d17-4493-ba1e-981c5baaa885",
            "value": "system.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan: 09/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775972516",
            "to_ids": false,
            "type": "text",
            "uuid": "8aa12468-f9d2-4a9d-9410-6c1bd18ea257",
            "value": "Type Description: Powershell\nMicrosoft: TrojanDownloader:PowerShell/TalonStrike!MTB\nVT Total Detection:29/62\nFirst Submission:2026-03-31T00:45:40.000000+00:00\nLast Submission:2026-03-31T14:42:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775973623",
        "uuid": "1252f2ef-3870-41ee-86d0-0eb194f0b8f9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775973623",
            "to_ids": true,
            "type": "md5",
            "uuid": "d9a4403e-58e2-420c-889d-78ed8866e0b7",
            "value": "90e8e227ba8bef0ea7e0212b5b1e0d4c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775973303",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b05280a8-a001-4682-9145-f2d7df2595b1",
            "value": "dbd62d788ce8dcaa96116a73f70ee24813d59428",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775973304",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b256a404-30cb-490e-a601-6dd3550e8520",
            "value": "ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775972537",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bc87b9a7-87af-47de-aaf2-75045f3adbe7",
            "value": "192:b9u9gG89mD+SOzuahCnGX1pybp0j5PWFmFBiMluIY266b7cTOXAWnTvfOkFHPL:b4KG8MwzuaEnGDPWFsBiM9YChLf1HD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775972537",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e7a51cea-8e01-48d1-9cc4-6c97ebb0322b",
            "value": "10656"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775972537",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e30a8fd1-c1c5-4886-81c2-a169afe2ff81",
            "value": "6999d755f2fc6f1ce13e39107e15280c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775972537",
            "to_ids": true,
            "type": "filename",
            "uuid": "e40c4d10-3af9-4ef0-acb6-c9b68e1c687a",
            "value": "ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan: 11/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775972537",
            "to_ids": false,
            "type": "text",
            "uuid": "2c0990e6-566d-42fe-9963-c1e79ec1ae89",
            "value": "Type Description: Powershell\nMicrosoft: Backdoor:PowerShell/TalonStrike.B!dha\nVT Total Detection:35/62\nFirst Submission:2026-03-31T00:39:55.000000+00:00\nLast Submission:2026-04-02T07:10:47.000000+00:00"
          }
        ]
      }
    ]
  }
}