{
  "Event": {
    "analysis": "1",
    "date": "2026-03-23",
    "extends_uuid": "",
    "info": "[Threat Intel] Tracing a Multi-Vector Malware Campaign: From VBS to Open Infrastructure",
    "protected": false,
    "publish_timestamp": "1775507888",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1775507888",
    "uuid": "bc43da5a-26d6-4126-892a-5e5aedc34087",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#177fb7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1218.011\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#56c932",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#327a31",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1027.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#cb2725",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Right-to-Left Override - T1036.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#e2a873",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Steganography - T1027.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#98f3da",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774407611",
        "to_ids": false,
        "type": "link",
        "uuid": "2dabc083-590a-41a3-ba6f-9a9152dabfc7",
        "value": "https://www.levelblue.com/blogs/spiderlabs-blog/tracing-a-multi-vector-malware-campaign-from-vbs-to-open-infrastructure",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774407611",
        "to_ids": false,
        "type": "text",
        "uuid": "9d2b47f8-dc50-4a89-9f4b-2725636fcbe0",
        "value": "A multi-stage malware delivery campaign was uncovered, initially detected through a suspicious VBS file. The investigation revealed a complex attack infrastructure using Unicode obfuscation, PNG-based payload staging, and reflectively loaded .NET execution. The attacker utilized open directories to host multiple obfuscated VBS files, each mapping to different malware payloads including XWorm and Remcos RAT. A secondary infection vector involving a weaponized 'PDF' and batch script was also discovered. The campaign demonstrated a modular approach, allowing for payload rotation and multiple attack vectors from the same domain. This sophisticated infrastructure design enables rapid modification and expansion of available payloads without altering the initial delivery mechanism."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774407611",
        "to_ids": false,
        "type": "text",
        "uuid": "43b16772-1098-493b-bbb4-3a24586ff39d",
        "value": "Name: Tracing a Multi-Vector Malware Campaign: From VBS to Open Infrastructure\nAuthor: AlienVault\nAdversary: \nTags: [\"uac bypass\", \"kramer\", \"scorpiorat\", \"phantomvai\", \"remcos rat\"]\nTgtd countries: []\nMlwr families: [\"XWorm\", \"Remcos RAT\", \"ScorpioRAT\", \"PhantomVAI\", \"Kramer\"]\nAttack_ids: [\"T1053.005\", \"T1218.011\", \"T1129\", \"T1204.002\", \"T1573.001\", \"T1566.002\", \"T1082\", \"T1140\", \"T1055\", \"T1027.001\", \"T1036.002\", \"T1083\", \"T1059.001\", \"T1547.001\", \"T1027\", \"T1027.003\", \"T1059.005\", \"T1105\"]\nIndustries: []"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 06/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775486668",
        "to_ids": true,
        "type": "sha1",
        "uuid": "865390a7-aae7-4c78-a2ef-425748d67038",
        "value": "08e3321955194964bd1e3784691e2d62055f6860",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#230087",
            "local": false,
            "name": "rectifyq:samples-found-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 06/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775486669",
        "to_ids": true,
        "type": "sha1",
        "uuid": "084a94dc-bda2-4648-ae70-6fca2c464f19",
        "value": "1e0ab184a8941ab4d5e3552237061019a06b3cca",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 06/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775486669",
        "to_ids": true,
        "type": "sha1",
        "uuid": "5951981f-6431-47a0-a378-7a8ba6dd68fd",
        "value": "48f9d6a325afd0daa9cbd6e05a65c0b46fa8f536",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 06/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775486670",
        "to_ids": true,
        "type": "sha1",
        "uuid": "982ebe80-d276-4640-9389-3c5746d1828d",
        "value": "9c0e9d1bde0aa69374b4c7301fb53d0e47ab7ade",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 06/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775486671",
        "to_ids": true,
        "type": "sha1",
        "uuid": "f071f692-6048-46b2-8a34-853009595622",
        "value": "a27315ce27675e953aec70a7639e2ea3f77b7159",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 06/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775486672",
        "to_ids": true,
        "type": "sha1",
        "uuid": "79e0938e-c2b8-4e5f-86f3-f6ba9a135417",
        "value": "e8a5dbeb166ca201b24a9d68b6d5cd0f10744491",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488561",
        "to_ids": true,
        "type": "url",
        "uuid": "4188ba46-3f37-4344-8314-27061ad44c12",
        "value": "http://bacteria-spent-endless-grammar.trycloudflare.com/okl",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488582",
        "to_ids": true,
        "type": "url",
        "uuid": "6d5e8bbd-febc-488b-912d-39b228a2d0ba",
        "value": "http://css-direct-excel-highlights.trycloudflare.com/1Nov20MA.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488604",
        "to_ids": true,
        "type": "url",
        "uuid": "02f1d24c-254d-49bc-84ae-2b9a0e1a6e29",
        "value": "http://css-direct-excel-highlights.trycloudflare.com/1Nov20ST.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488625",
        "to_ids": true,
        "type": "url",
        "uuid": "66b20c37-0842-4a26-a9b2-4affc1b75801",
        "value": "http://css-direct-excel-highlights.trycloudflare.com/1Nov20SU.bat",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488647",
        "to_ids": true,
        "type": "url",
        "uuid": "2a3ae814-a573-4b78-b652-bb1237f64663",
        "value": "http://news4me.xyz/coupon/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488669",
        "to_ids": true,
        "type": "url",
        "uuid": "18904d91-148b-47f7-92bd-6380af347a9b",
        "value": "http://news4me.xyz/invoice/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488690",
        "to_ids": true,
        "type": "url",
        "uuid": "3172ad87-e1e2-46a1-a5cd-3c4857b16f51",
        "value": "http://news4me.xyz/protector/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488712",
        "to_ids": true,
        "type": "url",
        "uuid": "aa8ddd72-6670-4224-8d26-f4924add664c",
        "value": "http://news4me.xyz/protector/johnremcos.xn--txt-9o0a",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488733",
        "to_ids": true,
        "type": "url",
        "uuid": "2e431f63-3792-4820-8bee-bb1159b58e62",
        "value": "http://news4me.xyz/uac.png",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488754",
        "to_ids": true,
        "type": "url",
        "uuid": "58e8b724-9a5a-4760-b15c-3042c448b8ed",
        "value": "http://shirts-june-gratis-repository.trycloudflare.com/1Nov20MA.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488776",
        "to_ids": true,
        "type": "url",
        "uuid": "cb9e11e8-4077-43c2-8177-15017be44b04",
        "value": "http://shirts-june-gratis-repository.trycloudflare.com/1Nov20ST.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488797",
        "to_ids": true,
        "type": "url",
        "uuid": "a1adf62f-bc7b-4a0e-839d-0525a2905b28",
        "value": "http://shirts-june-gratis-repository.trycloudflare.com/1Nov20SU.txt",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488818",
        "to_ids": true,
        "type": "url",
        "uuid": "4828146d-5d4c-47c0-a291-07a6bf0882d8",
        "value": "http://tammhdka.cloud:5790/PH1NovMA.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488839",
        "to_ids": true,
        "type": "url",
        "uuid": "fe6e5ef8-2005-4607-9e40-b0947a7a76ed",
        "value": "http://tammhdka.cloud:5790/PH1NovST.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488860",
        "to_ids": true,
        "type": "url",
        "uuid": "dfa4cf62-133c-45f6-b100-c924b046ce42",
        "value": "http://tammhdka.cloud:5790/PHNovSU.bat",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488881",
        "to_ids": true,
        "type": "url",
        "uuid": "28ea4d57-d666-41c6-a525-517c21063006",
        "value": "http://tammhdka.pro:5590/1NovMA.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488904",
        "to_ids": true,
        "type": "url",
        "uuid": "323f1273-74d4-4273-bb5c-1d7b10a81ebb",
        "value": "http://tammhdka.pro:5590/1NovST.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488925",
        "to_ids": true,
        "type": "url",
        "uuid": "3bc06e4c-e1f1-46ba-9083-08201b77a72c",
        "value": "http://tammhdka.pro:5590/1NovSU.txt",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488946",
        "to_ids": true,
        "type": "url",
        "uuid": "224b47fc-3277-49a9-86a7-27fc1705c256",
        "value": "https://news4me.xyz/protector/johnremcos.txt",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488967",
        "to_ids": true,
        "type": "url",
        "uuid": "0d295fde-53cc-427d-b4d4-249f94085e66",
        "value": "https://news4me.xyz/uac.png",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775488988",
        "to_ids": true,
        "type": "domain",
        "uuid": "0436ee43-fe07-45b8-ad6c-8d5f49bffec4",
        "value": "news4me.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489009",
        "to_ids": true,
        "type": "domain",
        "uuid": "fe1a6805-bfba-4147-8ae5-68ef42051e8c",
        "value": "tammhdka.cloud",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489030",
        "to_ids": true,
        "type": "domain",
        "uuid": "aa87f403-a762-4600-bfb8-5391c2308358",
        "value": "tammhdka.pro",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489052",
        "to_ids": true,
        "type": "hostname",
        "uuid": "06e84bf7-6dae-47d8-863c-e6f369a29958",
        "value": "adapter-chess-gently-residential.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489073",
        "to_ids": true,
        "type": "hostname",
        "uuid": "fcbb234b-ceef-4bc3-bc63-cebbba54447a",
        "value": "aye-knights-copyrights-nominations.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489094",
        "to_ids": true,
        "type": "hostname",
        "uuid": "038f9ac4-4881-42a1-a09a-46976bc4ee99",
        "value": "bacteria-spent-endless-grammar.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489116",
        "to_ids": true,
        "type": "hostname",
        "uuid": "65621ac3-bc0b-4cf7-81c0-e0b7dcff9b02",
        "value": "css-direct-excel-highlights.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489137",
        "to_ids": true,
        "type": "hostname",
        "uuid": "300d560c-3cfc-4d16-bab9-883740f5f93c",
        "value": "grammar.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489158",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d0af6e9b-843b-44b8-9e3a-ecea05bf2685",
        "value": "shirts-june-gratis-repository.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489179",
        "to_ids": true,
        "type": "url",
        "uuid": "0e70075c-c415-4e03-b523-ee9570712e52",
        "value": "news4me.xyz/coupon/",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489200",
        "to_ids": true,
        "type": "url",
        "uuid": "cd6faef1-a91c-4951-9234-3a1ce95f12ac",
        "value": "300ff.vbs/51379754466.vbs",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489221",
        "to_ids": true,
        "type": "url",
        "uuid": "e6037e36-30bc-41e2-ab03-9303a38bb87e",
        "value": "news4me.xyz/uac.png",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489242",
        "to_ids": true,
        "type": "url",
        "uuid": "2c07591b-0166-4a25-966a-4d20ae6747ca",
        "value": "ia601409.us.archive.org/25/items/msi-pro-with-b-64_20251106/MSI_PRO_with_b64.png",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489263",
        "to_ids": true,
        "type": "url",
        "uuid": "c08cc80d-00d8-436a-b65e-6acecf1d0bed",
        "value": "ia801409.us.archive.org/10/items/msi-pro-with-b-64_20251111/MSI_PRO_with_b64.png",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489284",
        "to_ids": true,
        "type": "url",
        "uuid": "829e7caa-e536-4119-979d-b01ae44e1245",
        "value": "ia600407.us.archive.org/7/items/msi-pro-with-b-64_202511/MSI_PRO_with_b64.png",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489305",
        "to_ids": true,
        "type": "url",
        "uuid": "6f7b410e-0c30-4e76-b1ad-f406855f5f17",
        "value": "ia600606.us.archive.org/11/items/msi-pro-with-b-64_20251030/MSI_PRO_with_b64.png",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489326",
        "to_ids": true,
        "type": "url",
        "uuid": "f4b26a13-502a-4da3-8f9c-f6a5cf371928",
        "value": "news4me.xyz/protector/",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489347",
        "to_ids": true,
        "type": "url",
        "uuid": "a014b1c0-c085-4341-84d8-bcd7265282e9",
        "value": "news4me.xyz/invoice/",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489368",
        "to_ids": true,
        "type": "url",
        "uuid": "f3e50492-4578-40a8-83b4-848d97cb4fa9",
        "value": "css-direct-excel-highlights.trycloudflare.com/1Nov20MA.zip",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489389",
        "to_ids": true,
        "type": "url",
        "uuid": "553ddf5f-28b9-4f30-a259-38baec02c1a7",
        "value": "tammhdka.cloud:5790/PH1NovMA.zip",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489410",
        "to_ids": true,
        "type": "url",
        "uuid": "32309f7b-9e74-41b0-9eb6-065ac74d81cb",
        "value": "css-direct-excel-highlights.trycloudflare.com/1Nov20ST.zip",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489433",
        "to_ids": true,
        "type": "url",
        "uuid": "3d716b2d-1fc9-40b5-9ceb-fd88a2c6be3e",
        "value": "tammhdka.cloud:5790/PH1NovST.zip",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489454",
        "to_ids": true,
        "type": "url",
        "uuid": "107f4ad6-2f3f-40f6-b9e8-f453b804e2b0",
        "value": "css-direct-excel-highlights.trycloudflare.com/1Nov20SU.bat",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489475",
        "to_ids": true,
        "type": "url",
        "uuid": "f91979fb-4f24-4e46-9e45-4b88780862ff",
        "value": "tammhdka.cloud:5790/PHNovSU.bat",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489496",
        "to_ids": true,
        "type": "url",
        "uuid": "eba76a78-f930-48e4-8c15-01f6a58d21da",
        "value": "bacteria-spent-endless-grammar.trycloudflare.com/okl",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489517",
        "to_ids": true,
        "type": "url",
        "uuid": "7d3de996-9ba0-4943-8297-afcdc85dde1b",
        "value": "shirts-june-gratis-repository.trycloudflare.com/1Nov20MA.zip",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489538",
        "to_ids": true,
        "type": "url",
        "uuid": "9722bde8-3768-4621-969e-18ba124f8e35",
        "value": "tammhdka.pro:5590/1NovMA.zip",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489559",
        "to_ids": true,
        "type": "url",
        "uuid": "38e440ac-992b-42d1-b220-2b21931a87db",
        "value": "shirts-june-gratis-repository.trycloudflare.com/1Nov20ST.zip",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489579",
        "to_ids": true,
        "type": "url",
        "uuid": "7647b48d-9cbb-41c0-8a17-7af2190f6d92",
        "value": "shirts-june-gratis-repository.trycloudflare.com/1Nov20SU.txt",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775489601",
        "to_ids": true,
        "type": "url",
        "uuid": "ff4e81e0-e262-48f0-a4f8-02146f98f1f7",
        "value": "tammhdka.pro:5590/1NovSU.txt",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489622",
        "uuid": "404f9301-d4d5-4855-9355-096b29215e09",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489622",
            "to_ids": true,
            "type": "md5",
            "uuid": "1cf8bf0d-2ce5-41f5-964e-30b5ed79dea9",
            "value": "03e939a5a929151fc6fa3cf5df19db37",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486621",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f4013470-9e66-4047-a339-5e8d6a795b07",
            "value": "69fe62c8af8eefddf48eef454929c4fae7f2f2a6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486621",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e16f89f6-56b2-4b15-bb57-e5121d5c1f2e",
            "value": "bfebdbb203eaa3e07a098a2dc89951f52c8d902abe551f7ad54f632b44b13ddb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485070",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2ceacb4c-be9a-43a0-b41b-964a6baacce1",
            "value": "768:93ID9XsWaCBX3TDMIqMVFE9j7JOjhBbv:9M9XRVX3XMItFE9j7JOjHj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485070",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "395c1443-02c4-4182-9a05-b03660cc65b7",
            "value": "33637"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485070",
            "to_ids": true,
            "type": "filename",
            "uuid": "eb3bbc10-0631-45b4-85be-d502a1a08013",
            "value": "gzal1khs.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485070",
            "to_ids": false,
            "type": "text",
            "uuid": "8e55a5f2-fb9b-40ec-ba75-863ca91e10cd",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/XWormRAT.J!MTB\nVT Total Detection:46/71\nFirst Submission:2026-01-14T09:11:49.000000+00:00\nLast Submission:2026-01-14T09:11:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489643",
        "uuid": "ddc3d29e-808b-44c1-ae39-e97e873089d3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489643",
            "to_ids": true,
            "type": "md5",
            "uuid": "35e79114-5f17-4f2f-bb6f-9a580e236db0",
            "value": "2084e1465c6495a23f922078e96bbd70",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486622",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fb64ce93-50fe-4630-bf53-f4a87d604618",
            "value": "c76ca312e44a02a9713062eb90410c3008819727",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486622",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4445582c-db02-430d-a9fa-0c16f81be494",
            "value": "6d85d3af63298e0a5fa48a535f54051ae1972dd7966582c4adea6265103fd343",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485092",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1da2829d-919a-44fd-8fa9-814fa4860503",
            "value": "393216:JXRcBVFq2sqklve8n2Df8kY3ucN6Os2Ly+ugmgnhtV4udu:7c9q5lGfDf8Nuc82BugmghkuE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485092",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0c052f60-3139-42c2-b40e-ebc0439d1273",
            "value": "16026230"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485092",
            "to_ids": true,
            "type": "vhash",
            "uuid": "da1aa4b9-0738-42e2-8e05-23f67911aec3",
            "value": "5af16a6244d1a9bb1c3b6782226a33dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485092",
            "to_ids": true,
            "type": "filename",
            "uuid": "c614ecee-c5e3-46f6-af4c-84107af53025",
            "value": "1Nov20ST.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485092",
            "to_ids": false,
            "type": "text",
            "uuid": "0912489f-6536-4771-ae61-bbecb666d539",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:5/69\nFirst Submission:2025-12-03T23:04:19.000000+00:00\nLast Submission:2025-12-03T23:04:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489665",
        "uuid": "3926c387-db4b-48de-882b-c750e4ea85b4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489665",
            "to_ids": true,
            "type": "md5",
            "uuid": "515b668e-df28-4b0c-a87c-04473ce0cce0",
            "value": "a42f5ad4ce4ef2a52a37cc8a08f614b6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486624",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3adf7b88-3471-47d0-b9a4-f6ca4419b999",
            "value": "1966478c5568ef90ffc1d55ce09192e1a9e774c5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486624",
            "to_ids": true,
            "type": "sha256",
            "uuid": "295d0ba6-292c-4227-8884-2528e4b7a064",
            "value": "9389993d790c453c1beeb36a34fcd3f5bc2f7a9229d6e85abcc363624466d251",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485114",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6e22686e-d471-494f-8b8a-14333ca5f792",
            "value": "393216:JXRcBVFq2sqklve8n2Df8kY3ucN6Os2Ly+ugmgnhokudBg:7c9q5lGfDf8Nuc82Bugmgh5uo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485114",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7c2d066a-5413-4070-ace6-3e8b31a88e96",
            "value": "16026180"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485114",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e7ce226d-436a-4ca8-8805-dd857058a537",
            "value": "5af16a6244d1a9bb1c3b6782226a33dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485114",
            "to_ids": true,
            "type": "filename",
            "uuid": "8dd2aee5-98a4-4550-822a-3f30f425734f",
            "value": "1NovST.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485114",
            "to_ids": false,
            "type": "text",
            "uuid": "2ec91d29-7504-41dc-98ae-b0468ef2ed50",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:23/69\nFirst Submission:2025-11-19T13:26:26.000000+00:00\nLast Submission:2025-11-19T13:26:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489686",
        "uuid": "76f85af1-fafd-4661-8170-37dd8747e239",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489686",
            "to_ids": true,
            "type": "md5",
            "uuid": "5813ee19-9699-4d9a-bc1d-964748ee88ab",
            "value": "bde1b4cf5f7432c4e653370de5887eff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486625",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b8ebaa24-aa88-4289-872f-9d2d3ef21869",
            "value": "0e4dbc00d72f228afe9ee58499f70f3f9bbfcebe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486625",
            "to_ids": true,
            "type": "sha256",
            "uuid": "280d2afb-b8c1-46f6-8910-cba8ead67520",
            "value": "1a29369cec47d6e6869ac2d9f26816ce39dc0ac5ce3efd3659ebc07ea79cb394",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485135",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9a755fa8-657f-46db-a04d-48786289d14c",
            "value": "393216:BXmcBVFq2lCklve8n2DfkkY3ucN6ON2LcIugmgnhmRLatT18O5:oc9q2lGfDfkNuc8/ZugmghmReZ6O5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485135",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "03d31bc7-e795-4aa6-bd39-893c8c72a14f",
            "value": "17098508"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485135",
            "to_ids": true,
            "type": "vhash",
            "uuid": "97c23233-9252-4b9e-bb79-e2e8c790c5e0",
            "value": "5af16a6244d1a9bb1c3b6782226a33dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485135",
            "to_ids": true,
            "type": "filename",
            "uuid": "36132aac-43ad-454b-ad24-6429ce6be308",
            "value": "1Nov20MA.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485135",
            "to_ids": false,
            "type": "text",
            "uuid": "8d8d1a77-2440-4b6d-ac76-b7efddb2a1b9",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:26/69\nFirst Submission:2025-12-03T23:03:14.000000+00:00\nLast Submission:2025-12-03T23:03:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489707",
        "uuid": "81476e71-4fd2-4964-868a-1f8818b30b52",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489707",
            "to_ids": true,
            "type": "md5",
            "uuid": "f9b80d24-4788-4def-ac1d-8df406e78b34",
            "value": "da1ce5fc73a517ab186d73cb62e15350",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486626",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6e7b18ce-8f7f-43b1-aed9-cc45a1f52c20",
            "value": "5f57b08104cd8961a231f514d3ffaad3f873e3d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486626",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7f4194a2-d9cb-4cc2-8602-904bad6fc362",
            "value": "52bf386db3b8f83753c6139f3dd4cb0246f653a99a3204924264f559cd697e8c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485157",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0d0627c7-fc3f-46eb-8e9b-22edd5dae3f6",
            "value": "768:dTZRWwxRyE7zq8uNM6tCiz5LTFQ9ItOGhU4bBc:dtRWfsG8bC/FQ9ItOGJFc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485157",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2541605c-de82-401c-9979-a06e366ead97",
            "value": "39850"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485157",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b2f32403-0e0a-4a46-b7a4-da1604dd8030",
            "value": "03403655151\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485157",
            "to_ids": true,
            "type": "filename",
            "uuid": "dfa27dc3-cb77-4468-a407-33853d963954",
            "value": "0xm1z0.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485157",
            "to_ids": false,
            "type": "text",
            "uuid": "c2d9921d-7bfb-4bf7-89fa-970f0bf45626",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/XWormRAT.J!MTB\nVT Total Detection:49/71\nFirst Submission:2026-01-15T08:26:28.000000+00:00\nLast Submission:2026-01-15T08:26:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489729",
        "uuid": "46e590a4-c8ef-4fda-92c4-a85ba06917d3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489729",
            "to_ids": true,
            "type": "md5",
            "uuid": "ab427f30-e235-4993-b24a-0a22c97049fd",
            "value": "ef0b945688626e76c14d7488db5a2356",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486627",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dbec8d2b-bcc9-4c0c-b6c5-ddd45c55e713",
            "value": "c871213fd20404fb5b48a1e4d4b256f3bffbfcd9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486627",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7c8ff25d-5930-4b28-816f-4638cce28cdb",
            "value": "b6a55f7559d7a91b2a49a1916794f7b80078bc94f1dd48a360b6a7cc22486d8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485179",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1962c2f1-d9ef-4797-b2fb-c021cb0b1a42",
            "value": "384:yLLJj/jNme3c1IU1d3X1QJb7bW6KtLwfzx+HmisVehKxyg+hLDdHYCFZP3lpmIMQ:sLZ/jNmNIU0WLIvV49/1v7D71I"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485179",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "16cb50a3-b6d6-4c1b-b8aa-f25438168365",
            "value": "32990"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485179",
            "to_ids": true,
            "type": "filename",
            "uuid": "a7216caf-9acd-4385-9976-89b0a4d15627",
            "value": "n1a86mm.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485179",
            "to_ids": false,
            "type": "text",
            "uuid": "284536c3-c404-47cc-8ade-dc8f0459d5ea",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:45/72\nFirst Submission:2026-01-15T08:25:34.000000+00:00\nLast Submission:2026-01-15T08:25:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489750",
        "uuid": "a30e1382-9fa8-45b5-a30f-2e9ede6e3a80",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489750",
            "to_ids": true,
            "type": "md5",
            "uuid": "d32ed9ec-693d-4fd2-bfc9-ffcae6ca0d24",
            "value": "f1b91ad94ab2594b823298618ff87716",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486628",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a63b4f24-bb0c-4d86-98a1-a03c1ad0c7af",
            "value": "f8f63c1c20bacc97925a9c86c6e4b887cdd11631",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486628",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1b9d9ac9-34f1-4fd0-8c0f-526e5c0c1f69",
            "value": "8bee97b8b8303cdcba30a30381ac8efc193219c063a63fd82b9eeaa96edab559",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485200",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eb699eba-69bb-4f20-8fba-5866af93bfae",
            "value": "384:jLR8vjFOMR3coIcSdHPUI57zWK6tTIHDpu3eisVWeakaoshLDdHYCFZP3lpmIMxp:nR8vjFOMvIcSPWT4vVPAZ1v7m71Q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485200",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e668d8a0-3534-47e1-a40b-36a1e140fb28",
            "value": "32990"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485200",
            "to_ids": true,
            "type": "filename",
            "uuid": "28d95315-646e-4466-8869-d966e6d63c8d",
            "value": "1oza5e3.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485200",
            "to_ids": false,
            "type": "text",
            "uuid": "9b7d8005-9fa4-4cde-ab67-7eae3836ec00",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:45/72\nFirst Submission:2026-01-15T08:26:02.000000+00:00\nLast Submission:2026-01-15T08:26:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489771",
        "uuid": "1fc747b9-2b6f-442b-841f-ba34bf509b32",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489771",
            "to_ids": true,
            "type": "md5",
            "uuid": "273706a8-6af2-46fa-80db-a64daa5d4d72",
            "value": "fdb03d8dd4c4b1f3a8a5e398125c3a12",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486629",
            "to_ids": true,
            "type": "sha1",
            "uuid": "74420818-f1d6-4775-b537-8fcd5c409727",
            "value": "961c4c69cfaca6f085a67cd5ee3a4b7b5dc4422f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486629",
            "to_ids": true,
            "type": "sha256",
            "uuid": "06b49865-21ee-4a7d-8190-fff043faab22",
            "value": "7bba0bcd5c0eb4be1bf21c85c42d08adbba8ed199c723fd76af1260b6a342603",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485223",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b8095b49-fb01-483a-9b9a-fd9a264ee00c",
            "value": "768:NtMQY3Q0ndwgbvadASMI4y6bFf9Ym0OMhZ3xgL:/1Y3Q2qOvWuI4yeFf9YrOMv6L"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485223",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cb77bccb-c6d8-4970-b6e1-3a592a5a2b5c",
            "value": "37230"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485223",
            "to_ids": true,
            "type": "filename",
            "uuid": "ea69f988-3ec1-47b5-b381-65027a952a93",
            "value": "1erqmlg43.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485223",
            "to_ids": false,
            "type": "text",
            "uuid": "f846a031-4ff5-4d38-a858-cb0003ce3354",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/XWormRAT.J!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-15T08:25:18.000000+00:00\nLast Submission:2026-01-15T08:25:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489792",
        "uuid": "3f5548d0-c59f-426e-bae4-655747e209cb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489792",
            "to_ids": true,
            "type": "md5",
            "uuid": "3756cd2a-76bf-4abe-9937-57c9d01d5e8f",
            "value": "2ad957466b97db85c77cbd15eec7d0ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486630",
            "to_ids": true,
            "type": "sha1",
            "uuid": "859036b6-d173-4f85-ac82-819ee2d9c390",
            "value": "0fa5b16ed45922637cdaadca8082e329b8775732",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486630",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e971c831-b60c-46d4-83df-94ab72e6ed5b",
            "value": "010e0ba1b2bd82c05bb8a9d25f0f107c62307e45289c7141edc1eade3be9a48b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485266",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3f605d1b-d3bf-447e-aeb8-91611bbad7a0",
            "value": "768:T4smdSPYrZ6l980V66/k9++BbgM2jDBSGRpz1y96BC//nqibcscy7e4V+2Q:T4rdSQrQWUp0brMU96I/PqAxcy7eO+2Q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485266",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3b6b337a-3530-4381-a18c-986243990ce7",
            "value": "48272"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485266",
            "to_ids": true,
            "type": "filename",
            "uuid": "021c47bd-2689-4730-bbe2-39ab08cf9cd5",
            "value": "johnxworm3.1.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485266",
            "to_ids": false,
            "type": "text",
            "uuid": "4bf41ea6-00c0-467d-8d1d-d748a48737aa",
            "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:21/62\nFirst Submission:2026-01-15T08:25:29.000000+00:00\nLast Submission:2026-01-15T08:25:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489813",
        "uuid": "24a49814-89a0-4e45-9733-985b1a81b381",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489813",
            "to_ids": true,
            "type": "md5",
            "uuid": "06a02d40-a82f-4af7-8629-8b460710d262",
            "value": "588a73f74de4414d54c2ccadc4e521ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486631",
            "to_ids": true,
            "type": "sha1",
            "uuid": "56ab78e1-a935-4cc2-b10d-0f4af7c460c7",
            "value": "1e832ae194be28692c669b9a3f5a5255d3022b5b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486631",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5c236d2e-620e-4f77-9174-480392069077",
            "value": "f6154f5cde9d8b8786cf1a5667c8a8178405b68960a1c2675d82fd275cc4be2b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485309",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "632c8aec-7f14-44a6-a6da-dbd6e1259b21",
            "value": "768:CaeZorw+CEVK1+VQGygBeF79WgO+hhF7X:CtZo5CB1+eF79WgO+/1X"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485309",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4e52ab14-e54d-4ce1-b77a-8a29cd3b3bce",
            "value": "39936"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485309",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2d9fe290-f303-4fb7-b9ca-213c1336a189",
            "value": "23403655151180772f110020"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485309",
            "to_ids": true,
            "type": "filename",
            "uuid": "458e1dbf-4f21-4e0f-ac59-f061cd07ca17",
            "value": "XClient.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485309",
            "to_ids": false,
            "type": "text",
            "uuid": "8604c533-f850-4e21-9ac3-e38f59d9df88",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:55/71\nFirst Submission:2026-01-09T16:14:15.000000+00:00\nLast Submission:2026-01-09T16:14:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489834",
        "uuid": "d43b2e43-45b9-4172-a304-7822c8a5f0ad",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489834",
            "to_ids": true,
            "type": "md5",
            "uuid": "341d6c66-4159-4cfc-9278-60fe1fa36381",
            "value": "9b0a8e7e92961f070ab4ade90b854777",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486632",
            "to_ids": true,
            "type": "sha1",
            "uuid": "191713f3-8158-4492-98c2-27dff0f974b1",
            "value": "1fb396bbf73735b90e521eb5534c97d5cc049d99",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486632",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2f1242bf-32b5-4bae-bda8-53bd05eeca01",
            "value": "a5ee2b175671f2565011671d0160983843d82d15c170aae94fc1d04cb590f74b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485330",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "86e87b31-fe37-40d7-b7db-3b8c52e66c7b",
            "value": "12:PQtUBo9Fx6rlQNGftGeRmRpKtiVOBwaHXhcqNJk:PCUIcmGlGeRmmAVuhJXk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485330",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2062e0f1-3472-4bdc-9237-841c489d4adb",
            "value": "391"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485330",
            "to_ids": true,
            "type": "vhash",
            "uuid": "684ba9a5-d55c-4436-b998-606887f55a49",
            "value": "1a3833750418c6183339c93503be2fb1"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  30/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485330",
            "to_ids": false,
            "type": "text",
            "uuid": "4f0415f9-fb7d-4704-b703-227302472be9",
            "value": "Type Description: HTML\nMicrosoft: None\nVT Total Detection:0/61\nFirst Submission:2026-01-10T21:15:39.000000+00:00\nLast Submission:2026-01-10T21:15:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489856",
        "uuid": "7feae61b-165f-481a-8928-aba027e1bd78",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489856",
            "to_ids": true,
            "type": "md5",
            "uuid": "2e942a34-e089-4163-a035-f548c33e52b1",
            "value": "c9e7db791972dd8ee0b07a57e25b1188",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486633",
            "to_ids": true,
            "type": "sha1",
            "uuid": "55ba4b46-fbb2-4c15-b971-3bd15fdaee22",
            "value": "274ed28bd083feb5600297a1728a4063d6b415ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486633",
            "to_ids": true,
            "type": "sha256",
            "uuid": "adfb3dce-4786-4496-99fe-c7eac07aea2e",
            "value": "65fe90369a4e56e2c3337000cb64dbfe69fe4b2e4c7183d4b1abc44d4c82a8eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485353",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3ec1798b-423f-4de8-894c-186a6357bb07",
            "value": "384:s9Ittn3jMbDXXqa12JdM8bztMoQybeb0iREosBRIis:eIXn3jMHa5D5M9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485353",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9ed8a57d-8701-4531-91c3-5fa17d77a834",
            "value": "48213"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485353",
            "to_ids": true,
            "type": "vhash",
            "uuid": "180ce180-63da-46eb-9a8d-3d558a3324a7",
            "value": "e126aa6b9d635627c63d766bf430593c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485353",
            "to_ids": true,
            "type": "filename",
            "uuid": "7119b8f5-d486-4b6a-a198-ae86ecc70f4b",
            "value": "300ff.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485353",
            "to_ids": false,
            "type": "text",
            "uuid": "bd6a77bc-38d7-4254-b39b-50eb118bd72a",
            "value": "Type Description: VBA\nMicrosoft: None\nVT Total Detection:25/62\nFirst Submission:2026-01-10T18:57:33.000000+00:00\nLast Submission:2026-01-10T18:57:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489877",
        "uuid": "f4275eeb-d37a-4b50-8663-0a03c39ca515",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489877",
            "to_ids": true,
            "type": "md5",
            "uuid": "6d6b48af-942b-4327-8fc5-7e029b135ab2",
            "value": "e82e69472b1b33ad0a35cc5459d06064",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486634",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8fcb4271-f8a2-42ef-99f9-f6ef4c3a9146",
            "value": "2d7114685313f9a6045ccb19c2a4d194398d567b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486634",
            "to_ids": true,
            "type": "sha256",
            "uuid": "55193f61-58bd-4745-94cd-2d260bdf2e48",
            "value": "26099588f6f91b168f33b26e3aa6025655dbe6bca1030185a20f2064a5910149",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485374",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a96e448a-6fa8-47e6-a5d3-928138666ee6",
            "value": "1536:3xCjGCrcYAsCPiQK0sx/7To9LxxC/99+2f:3xuGs2iQeo8/99+2f"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485374",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dada2cdf-4498-4de4-b927-6c77555b1791",
            "value": "53136"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485374",
            "to_ids": true,
            "type": "filename",
            "uuid": "87be46b9-58f3-48d4-a1ad-0415f34da7ca",
            "value": "manadanaxworm.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485374",
            "to_ids": false,
            "type": "text",
            "uuid": "a40bfcc2-4fe8-4386-9263-ccf2124d4613",
            "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:19/62\nFirst Submission:2026-01-15T08:26:18.000000+00:00\nLast Submission:2026-01-15T08:26:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489898",
        "uuid": "96f04464-3896-4c28-a8f5-b379ca77ba0e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489898",
            "to_ids": true,
            "type": "md5",
            "uuid": "e0700fb1-24c4-43be-aa2d-83c36bae8ed8",
            "value": "20cc0d5f32964799e6b1b218927a33e4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486634",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8d6f322d-983a-424c-813a-82df854f9b81",
            "value": "314b42be5ce942dd1c3d0bddb0cc6e0cdcb1acad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486635",
            "to_ids": true,
            "type": "sha256",
            "uuid": "436e8635-d525-43ee-993e-3672b504cd21",
            "value": "0a37c895078cfdabebb3fdc89480925865d22bac983ff23d2107901131055cc9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485396",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "be9125bb-175f-41f1-9226-c6a5f6cd8090",
            "value": "96:iK+WEPbpzIyvxtS5PewIQCsZlqsVta7MUdrJ7bCQEcN4njCkVfka:6NeyuZe9pUssVE7T9tfES4j3Vfka"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485396",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "72d6f71f-a05c-4f15-a944-375389f4d544",
            "value": "5369"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485396",
            "to_ids": true,
            "type": "filename",
            "uuid": "cf7285e7-a1b0-4f5a-95e9-a81e9340adff",
            "value": "44rrr.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485396",
            "to_ids": false,
            "type": "text",
            "uuid": "e1834b07-209b-4e63-a174-9d2e3bea5aa7",
            "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:20/62\nFirst Submission:2026-01-10T19:03:40.000000+00:00\nLast Submission:2026-01-10T19:03:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489919",
        "uuid": "47bfd4d6-3e0e-42bc-a5ff-2efd41c476b7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489919",
            "to_ids": true,
            "type": "md5",
            "uuid": "904fd18a-ef0d-42d0-8493-76a7637e32b4",
            "value": "b3527b46d4e275b3f85631f827fda03b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486636",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6c4ef511-eecc-4cb6-9336-ac75a65d134d",
            "value": "3aef7e2d1baa433579b644a81fc080c541f3e7d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486636",
            "to_ids": true,
            "type": "sha256",
            "uuid": "50d6cfd4-cb93-4a69-b3b3-86d2c0540273",
            "value": "0b1f6abed1e4d78bf0bccc60204a87b397911d008910329b23560c6d6306b8a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485418",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e912928f-3e7c-4f2a-bf3e-5622492ddf10",
            "value": "768:hinCRUwll86bjzOxIRRYNAED4OKROALx97KKOrJqWDwhfCA18Fgc2Obzf:gzE1bjzO64yED4BRVrKKOrJqW+CZbzf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485418",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6748787a-fc5d-4f72-bb7c-6243e1637940",
            "value": "43996"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485418",
            "to_ids": true,
            "type": "filename",
            "uuid": "3379386f-304c-4844-8f56-2d4fea5b47e7",
            "value": "johnny2.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485418",
            "to_ids": false,
            "type": "text",
            "uuid": "950d5d4c-af57-43d0-873b-40ca73f375c2",
            "value": "Type Description: JavaScript\nMicrosoft: None\nVT Total Detection:19/62\nFirst Submission:2026-01-15T08:40:24.000000+00:00\nLast Submission:2026-01-15T08:40:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489941",
        "uuid": "c127fb86-aafa-4e56-b732-1b730fc0cd28",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489941",
            "to_ids": true,
            "type": "md5",
            "uuid": "abaaa9ea-ab01-4b85-ad22-d3aa587d65c0",
            "value": "3e74df46fead85afec3b42f9e0126894",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486637",
            "to_ids": true,
            "type": "sha1",
            "uuid": "18b30639-e508-4101-851b-3ee56ba549fb",
            "value": "40634fc36fbe0d2903a9ac319ff7fd22ce4a7ace",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486637",
            "to_ids": true,
            "type": "sha256",
            "uuid": "77a08895-ea78-4b1c-ba42-2c26540f25f4",
            "value": "7add39c43e89c1c42a417ae9b9e224a896f31e85c6cb7b3082d8758a15bb1b77",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485439",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "97a39d97-7c98-4fda-b8d9-c4a0f6fd2461",
            "value": "384:UKojCcQ/qxKQnouM5Nj5moC5bZL3bspJmsG/K9zHn0VgtFMAmNLToZw/RZCvK9IS:UjGsxnjl3bhlC9bVFQ9iIO6hhuvS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485439",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "997531f2-fb71-4a72-bf6b-f5e236d97bb4",
            "value": "36203"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485439",
            "to_ids": true,
            "type": "filename",
            "uuid": "88d3a055-9d00-4162-9a6b-21de98b92cee",
            "value": "zr2sn3zh.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  02/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485439",
            "to_ids": false,
            "type": "text",
            "uuid": "4ff7d028-14d6-4650-8082-fa2328525756",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:39/71\nFirst Submission:2026-01-15T08:26:03.000000+00:00\nLast Submission:2026-01-15T08:26:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489962",
        "uuid": "449d99eb-9d89-46d5-ac37-de877c964958",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489962",
            "to_ids": true,
            "type": "md5",
            "uuid": "df050998-bd4d-4cad-92c8-9dea12c05cca",
            "value": "41e698c10ca4cc0422e689f98537f4fe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486637",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c79b0f7a-be61-43af-a76b-bd2e795f7d7c",
            "value": "4e23a77ec70a27941be891433cff5b56d290d8b1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486638",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e6b157aa-248d-4d20-9514-7ef509a7e879",
            "value": "6520c9dac287e416acadc4793c21bd5f1412939f82b5805604af109e8515534d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485482",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e9a9e180-27e7-43f7-b530-cb444c50ecd9",
            "value": "768:UxD6wYquvbzfwlJvG7/YqA9vsCP7pkYeDIOgJuzazqeWlR4hw7IGiWiQgFGdM+V9:u6zqwzch7leVgr+nbYEH7gFGdM+V9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485482",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7a7eaf35-1024-4dd1-bfa0-76d49253abee",
            "value": "49155"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485482",
            "to_ids": true,
            "type": "filename",
            "uuid": "f3aa489f-9a8e-4c7c-9c1e-a4b612858dce",
            "value": "munibxworm.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485482",
            "to_ids": false,
            "type": "text",
            "uuid": "f5ca75a4-bd25-431a-a9c3-225cc947474e",
            "value": "Type Description: Powershell\nMicrosoft: None\nVT Total Detection:19/62\nFirst Submission:2026-01-09T16:14:28.000000+00:00\nLast Submission:2026-01-09T16:14:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775489983",
        "uuid": "3e424dce-89a8-4872-ad40-586d81fea3dd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775489983",
            "to_ids": true,
            "type": "md5",
            "uuid": "accebb2c-cf53-4c29-9936-8cdb56b75f94",
            "value": "cb66d7ad5c55aecc57095eb50cb4e4db",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486638",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c5d9fcf0-f78a-4bde-b018-0612d0173c3b",
            "value": "51b25f39a4367484c673a2bce38efd95de1cbbd5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486638",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ef490f1a-a5b4-4c33-84ea-c7caf959c83f",
            "value": "5be908140be60dd24209ee81e27250d51096c4b72b020b77410bfd37d99fa321",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485504",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "15c11e0a-40c5-4bbf-b325-71cb19ca0b78",
            "value": "768:nqQq3QWIdhgbvHzASLKyxbFf9Y4dOMhc3XP4:nPq3QnbOvTVKyBFf9YcOMSP4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485504",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fe70327d-90a5-4f77-b814-29421e0a4859",
            "value": "36864"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485504",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0248afdc-dd76-407f-bc23-4f5b88baf942",
            "value": "23403655151170772b110020"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485504",
            "to_ids": true,
            "type": "filename",
            "uuid": "89c064d9-2755-4b55-94fb-d638dde8d561",
            "value": "21Octwork.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485504",
            "to_ids": false,
            "type": "text",
            "uuid": "2ec400c3-58b2-46bc-899f-11cc4e2d4c5c",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AsyncRAT!atmn\nVT Total Detection:59/71\nFirst Submission:2026-01-09T16:14:37.000000+00:00\nLast Submission:2026-01-09T16:14:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490004",
        "uuid": "10c09d0f-fae6-43dc-90b1-6cb9598a7d2a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490004",
            "to_ids": true,
            "type": "md5",
            "uuid": "45217a52-9c08-4327-b5bc-4bc5b41809ca",
            "value": "86cf1584933ae0781f53ccc5be2a7f98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486639",
            "to_ids": true,
            "type": "sha1",
            "uuid": "24a1a30b-571e-4b60-b18c-31dc9e2cf4fa",
            "value": "63a7cc185c023c2e52519df9aa530fb2c35a2d8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486639",
            "to_ids": true,
            "type": "sha256",
            "uuid": "12927180-b01b-4fd9-bd71-8b051cf3a318",
            "value": "57665e1a15f598c31cb632d0886799bca16c95f42f8bcc937d4414679d8b3629",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485526",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e991ad5f-8139-4514-a8bb-58ef60a91dba",
            "value": "3072:nmFmhPe8Yx57dZCa8BN3I2UoWqRi5BfYo6zARYUU+jVFk:zhPe8YX7doaVFq+WooAQ+jVFk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485526",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "79e85c42-5fc9-4187-a64e-4c2911a71f08",
            "value": "143850"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485526",
            "to_ids": true,
            "type": "filename",
            "uuid": "b876d60f-47c2-418c-bb47-4327fc114087",
            "value": "1aaaaannnov24.py"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  02/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485526",
            "to_ids": false,
            "type": "text",
            "uuid": "2ab0b363-22a8-440e-882a-8a22a93b00f7",
            "value": "Type Description: Python\nMicrosoft: Trojan:Python/ShellcodeRunner.SLPQ!MTB\nVT Total Detection:26/62\nFirst Submission:2025-11-25T16:14:32.000000+00:00\nLast Submission:2025-11-25T16:14:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490025",
        "uuid": "614cd931-488c-44c5-b7c8-56a9bfa7a11f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490025",
            "to_ids": true,
            "type": "md5",
            "uuid": "7e774710-5464-4b88-8159-350d5fd6bdec",
            "value": "8edc85b4d15d00d29a1edf3052da0560",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486640",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b5afd521-336c-4de2-b803-38dd47c239c8",
            "value": "77429c27de47d09ac51bc4c5f44329fe823ad01c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486640",
            "to_ids": true,
            "type": "sha256",
            "uuid": "53093ffd-db63-48af-a982-f3f3a7605fe1",
            "value": "2c0c22913638f78ed7fac412d4ab808235ab9f267507c6faf53d2674418df8a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485548",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2f763680-3aa3-4916-a7f3-1d4e9a97b92c",
            "value": "24576:kB+mPbrEWQdJojP+BmEiZ+gWCY+9CQs42yG8EXl+rqDRGVBicB3C7zv7tYk9DLSu:kfvEW0o/JY+v2yG8EXl+rERYA7RLSu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485548",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2b2dbd0b-55d6-4932-bc62-9aa0552e607b",
            "value": "3888128"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485548",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7ae751d1-d8b7-4c7f-9f4c-783bfc22c36b",
            "value": "33603655151ff16544ffffaa3d6f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485548",
            "to_ids": true,
            "type": "filename",
            "uuid": "e057b9e7-343d-478f-8bd9-c7c833f1f34e",
            "value": "Microsoft.Win32.TaskScheduler.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  02/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485548",
            "to_ids": false,
            "type": "text",
            "uuid": "ce50f962-9d35-47a4-87a3-b81e5f6a411c",
            "value": "Type Description: Win32 DLL\nMicrosoft: Backdoor:MSIL/Caminho.AR!AMTB\nVT Total Detection:48/71\nFirst Submission:2025-10-31T02:28:24.000000+00:00\nLast Submission:2025-10-31T06:33:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490046",
        "uuid": "d2fce2d9-8e72-49ed-9bf1-788f81a1cd36",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490046",
            "to_ids": true,
            "type": "md5",
            "uuid": "b1856003-4f62-4e61-b471-b5cf7194d7ae",
            "value": "d76f5631d55f301608ca14b38d282e02",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486642",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f0fa67be-ab48-4704-9510-a068e695abe3",
            "value": "810afcebb23642b681d151a81fdcca3fcc43f96a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486642",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3e6633f2-74a4-4015-abec-4a1ae111bc14",
            "value": "04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485569",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ebc94ad2-b415-48a4-a033-647f0e892010",
            "value": "48:4othnooOT1/qVbqdGIVp4NWjORVFQ55AsybKpGbDtzD1thJYERaSuXWB6:dn584VbqdTp4jZvsybKYb1lJYEa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485569",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "10a625ce-df4d-4ee7-b65a-95c95c9b177d",
            "value": "3002"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485569",
            "to_ids": true,
            "type": "filename",
            "uuid": "698a75fd-dfd4-41e8-b2ec-6d20fd786332",
            "value": "100-offline-sprite.png"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  04/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485569",
            "to_ids": false,
            "type": "text",
            "uuid": "ac98e1f4-8b91-46d9-8bcb-c3a99501abb0",
            "value": "Type Description: PNG\nMicrosoft: None\nVT Total Detection:0/61\nFirst Submission:2021-06-10T06:06:27.000000+00:00\nLast Submission:2026-03-25T15:02:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490069",
        "uuid": "428e74bf-a92d-434e-a8c8-6b4f40f9b575",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490069",
            "to_ids": true,
            "type": "md5",
            "uuid": "76fead0f-0665-401a-b2b6-9a58a0ab28c2",
            "value": "f349ec6b824c6ab5ec852978d4a0cc2c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486643",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a10f3b7e-7549-44e3-a905-031c0491b5a5",
            "value": "84fdff23b056633b43cc7375d792c4c100a606ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486643",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b023d53f-ecc2-4db6-b4f7-ecb08a5868d2",
            "value": "28ce463764b35a4656ec8ed7e03bf89dfc1fe0362e1266620b8d5e913b9a2926",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485591",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fe568518-94bc-4232-a66d-2566ae06813f",
            "value": "768:hinCRU3etgJ6bjzOxIRRYNA2eNOKJHI1fg0DiAFR+RNZ+fDy1+xl5tob7oFhef:gzArbjzO64y2eNBJ8ICiAFR+RqDdob7z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485591",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dff35209-3788-46f2-a7c5-471f41fcec18",
            "value": "43988"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485591",
            "to_ids": true,
            "type": "filename",
            "uuid": "b130957d-8862-4d79-bacd-a0f213459d67",
            "value": "johnny3.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485591",
            "to_ids": false,
            "type": "text",
            "uuid": "c75c27d3-0915-4a20-90e8-5bceb6d6a5bb",
            "value": "Type Description: JavaScript\nMicrosoft: None\nVT Total Detection:20/62\nFirst Submission:2026-01-15T08:25:22.000000+00:00\nLast Submission:2026-01-15T08:25:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490090",
        "uuid": "84c8d13e-cd9f-40e1-9c71-8181f8eb11ff",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490090",
            "to_ids": true,
            "type": "md5",
            "uuid": "8dd9a9f9-b8b6-4ce1-80ab-f1d611ea9425",
            "value": "ed218d18fa58e9cb37fe362763d5a246",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486644",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5690647b-d8c8-4558-8b98-b55dc935a7b8",
            "value": "86746d0ad3acfa0e90b7691ccf675dd57af40013",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486644",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2582c4dc-78b6-4fc1-a6de-6c0395895545",
            "value": "701573960dd6c2bc251efc26815d3a19c7e9a5a16dfd538915a9b75443492b4e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485613",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "92ab9223-dc7b-491f-941a-25a3f27b2eeb",
            "value": "12288:smmEXhe7R9ubKYcX1knn4gzHoS6oQ5Mt6w/j:s/ERWR9ubKYdnn4gzoS6t5I"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485613",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d28a3fdb-9774-4c09-b2a2-2816a8ef30db",
            "value": "615424"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485613",
            "to_ids": true,
            "type": "vhash",
            "uuid": "eff7ad97-1226-4058-8b9c-0f907025f4ed",
            "value": "065066655d1555155225za00ae7z37z403022c1z40a117z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485613",
            "to_ids": true,
            "type": "filename",
            "uuid": "e0976a5b-6d27-433e-8897-fc46593ea18f",
            "value": "2026-01-11_ed218d18fa58e9cb37fe362763d5a246_cobalt-strike_coinminer_icedid_njrat_remcos_vidar"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  31/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485613",
            "to_ids": false,
            "type": "text",
            "uuid": "d12a4246-66f0-4f96-bf58-5892ddf2b864",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Remcos.GA!MTB\nVT Total Detection:55/71\nFirst Submission:2026-01-09T15:40:45.000000+00:00\nLast Submission:2026-01-11T12:12:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490111",
        "uuid": "63ae7c59-c0c4-4f11-a892-7a331d9753c5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490111",
            "to_ids": true,
            "type": "md5",
            "uuid": "d91c823f-39fb-4193-b83d-8d3208f636a7",
            "value": "42fc8cd9a443afad18082a067ec40738",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486645",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b6a3b70d-0920-4d0e-b2c5-60a775e9bed2",
            "value": "905578853c8880da35d97e599cb0168cf3bf74f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486645",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d465e8d9-89cc-4a4e-a6db-5af8fce45ad7",
            "value": "648edb5364ac3a9fbc23b24668e41870e17aba04a6205a0fcf28e9f17c23feb3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485635",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "abcac06b-cd9c-4e1c-88b9-47ea1cb71670",
            "value": "1536:ihLXji2PNwUjPopXM8WzJum6wuhKcGMFR0NhoxOkk:6nFkk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485635",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ca601614-8619-4e1c-ba6c-4b1241756cc3",
            "value": "77692"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485635",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3b5be2a6-d993-4528-a4da-d89a199038f4",
            "value": "7f9521438ca0ff33424ae5bf1619ef1c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485635",
            "to_ids": true,
            "type": "filename",
            "uuid": "6c4f0694-2ed5-4914-99e6-f5a7625d6899",
            "value": "700ff.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485635",
            "to_ids": false,
            "type": "text",
            "uuid": "35becf94-020c-40f8-8205-f1176cdba0eb",
            "value": "Type Description: VBA\nMicrosoft: None\nVT Total Detection:29/62\nFirst Submission:2026-01-10T18:57:45.000000+00:00\nLast Submission:2026-01-10T18:57:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490132",
        "uuid": "08e3b98a-970d-438d-bab8-0c6333d657b9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490132",
            "to_ids": true,
            "type": "md5",
            "uuid": "0f226979-4171-4068-980c-65ddf1739eb7",
            "value": "4f90b48e654172a20385492de447b04b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486647",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2ef581a1-f759-4351-8dba-1afa66b14723",
            "value": "98cdfb464d8a98e07479909dd1db04eec849e94e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486647",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bf7783db-a637-46a0-aeff-37d83205a3d0",
            "value": "08a0809e839c96d251fa60ceb3a8c0155896d184d548f7f8845648942aeab65d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485656",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8fc90db8-0452-4987-8ecb-55c21083f5ee",
            "value": "6:5jG1kbWAfK61z3UJJj3pgG9LO3AvTJ9aRetWHWxWWFs3G1koiAfK6Wt+ln/:5jG1k7TKT9rGAbJietld1k2TWtan/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485656",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "597b20c1-8a25-4e1a-a2a3-b4020a611d62",
            "value": "347"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485656",
            "to_ids": true,
            "type": "vhash",
            "uuid": "17cf441d-b534-46ae-8eed-90b128ccb5f7",
            "value": "bcacd082c06db67f6a7dff525da6f462"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485656",
            "to_ids": true,
            "type": "filename",
            "uuid": "c912704a-c2c3-465b-a013-bb486a61cbf1",
            "value": "Invoice-JL1852586776.pdf.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485656",
            "to_ids": false,
            "type": "text",
            "uuid": "31dc6eca-7579-41cd-bbea-544c22fb6b68",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:7/67\nFirst Submission:2025-12-22T15:52:26.000000+00:00\nLast Submission:2026-01-10T19:04:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490153",
        "uuid": "d1b1f70a-43cd-4f03-83ae-7a931c14fec3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490153",
            "to_ids": true,
            "type": "md5",
            "uuid": "7465a0cc-a92b-46f6-8b3e-027977e48f69",
            "value": "f057440cbdcc30ac7ad9a4059cbe7ded",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486648",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f236b552-2098-4ff2-b92f-19f117f85710",
            "value": "9b90e2c49b52620531a75d4f23dd48da25670e03",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486648",
            "to_ids": true,
            "type": "sha256",
            "uuid": "70fc1b56-91ee-4f7f-9318-6619fb451274",
            "value": "a96546f5f93bc56da062feff070bb70c1275c4a9ba0fab6a43db8a656b78bb5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485678",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d6d53d79-f999-4113-81dd-610c35f40061",
            "value": "393216:JXRcBVFq2sqklve8n2Df8kY3ucN6Os2Ly+ugmgnhtbudvp:7c9q5lGfDf8Nuc82BugmghZuP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485678",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cc18b0c1-05fd-45cc-a6a7-d29dec7fd706",
            "value": "15919783"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485678",
            "to_ids": true,
            "type": "vhash",
            "uuid": "133060f2-d121-4f3b-b2ae-f2b78d72d5eb",
            "value": "5af16a6244d1a9bb1c3b6782226a33dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485678",
            "to_ids": true,
            "type": "filename",
            "uuid": "9d512356-b6cc-4079-9a26-abb428ae9563",
            "value": "1Jan12ST.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485678",
            "to_ids": false,
            "type": "text",
            "uuid": "e26ec40a-1ee8-4fd2-b412-e34e737521f4",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:26/69\nFirst Submission:2026-01-12T23:18:02.000000+00:00\nLast Submission:2026-01-12T23:18:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490175",
        "uuid": "3565eb02-18e1-4ae9-9e36-1e583544e8c4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490175",
            "to_ids": true,
            "type": "md5",
            "uuid": "71adc5ac-b8d9-4447-a7a8-46de229e114c",
            "value": "d60bee4a2e5a60e1ad0afa51ab627b5d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486649",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8a59a52e-2e54-4d2f-8ac0-04745e913cfb",
            "value": "a4a3d9ac1df13736a29a615fc86b5f3835aba11d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486649",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e345ff72-ffc6-42ad-bcd5-ca03cce9faa1",
            "value": "468ef8ce13a03ee189e9391589172486afc90b9e41cee55f1d0d6dd42735e3be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485743",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bc8e5d8e-b673-4bc4-b981-6e5356759b83",
            "value": "49152:8UixbItdTrJoFVPMvXGU0XNmis8Ksq2L0p:7iBI/JoFdMPGO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485743",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b603e0c3-afa4-4dfd-ab8e-b5e35a9bebf6",
            "value": "6574940"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485743",
            "to_ids": true,
            "type": "filename",
            "uuid": "af8037d1-4cf3-46d1-8d04-baff34824718",
            "value": "optimized_MSI.png"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485743",
            "to_ids": false,
            "type": "text",
            "uuid": "9f178d65-d34a-4afc-9495-0453c2f4d2bb",
            "value": "Type Description: JPEG\nMicrosoft: None\nVT Total Detection:9/61\nFirst Submission:2025-10-31T02:26:32.000000+00:00\nLast Submission:2025-11-26T06:44:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490196",
        "uuid": "ae7e9b39-f180-47b7-a976-8409e2e74049",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490196",
            "to_ids": true,
            "type": "md5",
            "uuid": "434f5d0f-e831-4cc3-a95f-ea6e89ea2c46",
            "value": "1c6aee9ed38182a545c4ea7068e552a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486651",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2d5cd071-cf04-4c22-8505-a9da2380839c",
            "value": "a5513a9367daf2dbb780d17f2a9302686c7ad3d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486651",
            "to_ids": true,
            "type": "sha256",
            "uuid": "46d8fa39-6121-4662-9bfb-7de1c3f7ae4c",
            "value": "87286e3c67d401132f900fc013ed70e5cf9ebb375b0f66abad9f836286ec891b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485765",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "33f482eb-5842-4842-b8d2-322fce89fdaa",
            "value": "6144:84KSHCPA1f4dwk7HSHZwGc9ZMGElTWdknWtofAK7EESZZi7tGgJ0/fe+U:7YKADO2jMCdmdvSZZwJuU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485765",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "660d4bd3-8246-4599-9692-074885c64890",
            "value": "249859"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485765",
            "to_ids": true,
            "type": "filename",
            "uuid": "8e5bb0d8-7ab5-4480-8275-5111dbd0c123",
            "value": "VortexMalwareClipperStubStartupapihost.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485765",
            "to_ids": false,
            "type": "text",
            "uuid": "e7de2033-57cf-47ad-8005-8f0490c14642",
            "value": "Type Description: Powershell\nMicrosoft: None\nVT Total Detection:17/62\nFirst Submission:2026-01-09T16:14:49.000000+00:00\nLast Submission:2026-01-09T16:14:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490218",
        "uuid": "8bb05ceb-3833-49a7-a48e-1fc0380a68ec",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490218",
            "to_ids": true,
            "type": "md5",
            "uuid": "69d441d4-52c6-4a7e-9122-bbab9debc598",
            "value": "493f00a3d43bcc2b9579377293da858f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486652",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6c1178d0-d18d-4999-8545-2acd32199b92",
            "value": "a55d61fb7fe814afeab4f4d7f42be4cf60609414",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486652",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0a238456-ed08-40af-bca3-1b3ada442e42",
            "value": "9f51c0ab6493cf77259dfa01616f539aa933c567a24b8d27391548f84a79104e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485787",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a2b6eee4-54f6-4b52-a88c-5179e23554ab",
            "value": "192:k3pkZo+xg6q3sra4UkMMzxAlB5A+VecylCCxKX0pJu7Uwrd1:lxg6C4lMUAr5A+DyLKEHoUwrd1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485787",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4c981d17-32cd-4762-8230-f6a6908f876f",
            "value": "15360"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485787",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6a1081d5-c312-49f1-b78b-fec329054606",
            "value": "31403615151e083770020"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485787",
            "to_ids": true,
            "type": "filename",
            "uuid": "8ed83a82-65b6-4544-93bf-89a8078e6854",
            "value": "UAC.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485787",
            "to_ids": false,
            "type": "text",
            "uuid": "1315bd5e-3f18-45a0-9f10-c0be602514d5",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:32/72\nFirst Submission:2025-11-03T07:13:12.000000+00:00\nLast Submission:2025-11-03T07:13:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490239",
        "uuid": "a65f0fb4-8729-408c-af58-3cb34fa94f26",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490239",
            "to_ids": true,
            "type": "md5",
            "uuid": "423823e5-a6f0-47da-a97d-09fc858c8559",
            "value": "64056d2f3bc21a45e4ab8742a904786b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486652",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a2b1e9d-db7e-4a47-bf95-00704f4ca0a6",
            "value": "a97f124854c8ddd7b52a7669a51c22b7a021ee78",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486652",
            "to_ids": true,
            "type": "sha256",
            "uuid": "49398bed-06f8-44fc-8ac4-80fb65d73ec5",
            "value": "364cf1fc5d729fd4cb8d52bfe86109545d6ce574fe6b121b8643d8de06f445b0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485808",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c94f96d6-cef2-484e-b609-910265e59425",
            "value": "12288:GhHUGtpn0YCusX4OPvkr8ySolRHeIkJZw9YS8SmInoj0jVFk:W1DbCb4Qkngw9YS87GQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485808",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3268ff12-78c3-46ee-873b-b4100329c8d6",
            "value": "499522"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485808",
            "to_ids": true,
            "type": "filename",
            "uuid": "5563b6dc-6149-4676-86a0-0190c5a351da",
            "value": "1hvvvnov24.py"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  02/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485808",
            "to_ids": false,
            "type": "text",
            "uuid": "04de763f-c1f7-4d21-8347-9e84b6fa40df",
            "value": "Type Description: Python\nMicrosoft: Trojan:Python/ShellcodeRunner.SLPQ!MTB\nVT Total Detection:28/62\nFirst Submission:2025-11-25T16:14:22.000000+00:00\nLast Submission:2025-11-25T16:14:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490260",
        "uuid": "6ac0f192-ca2f-4091-995f-8f4b5dd3f5ba",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490260",
            "to_ids": true,
            "type": "md5",
            "uuid": "0fbcd0da-fa9e-4d00-a1a0-890fb1b89c1c",
            "value": "8aa9d35d9026c19e82a9f200bf758e6f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486653",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f597dd19-2d31-4cf2-9063-d2abf7a316bb",
            "value": "bfc6dbb94f02f7a61145f86e550015f75d5829b6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486653",
            "to_ids": true,
            "type": "sha256",
            "uuid": "705cd2c5-72d0-45a5-a16e-a9c40c4140f6",
            "value": "9d879a24e8e8206114f579e5ef89766c84cea43798b7a3c9fb0b56e3f2944736",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485830",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "31149863-596c-4ef6-bd77-0d06ad26e67e",
            "value": "48:3o/BfScA65fnfOfCrJxrMeVzNINsgTaP4cNUlgjg1NXt6swp9W/vz6cWz0f:3o/FJxMelNwm48W6Dsv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485830",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8e63b48c-6e98-4a2c-b330-fe0ee9d54ddf",
            "value": "2761"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485830",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c577fa3c-81ce-42d1-94c4-dc9dfa1db49f",
            "value": "c71fc238b4514ef350641110648d655a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485830",
            "to_ids": true,
            "type": "filename",
            "uuid": "fd30665d-9522-4460-b9a6-9ad0ee587a96",
            "value": "9d879a24e8e8206114f579e5ef89766c84cea43798b7a3c9fb0b56e3f2944736.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  05/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485830",
            "to_ids": false,
            "type": "text",
            "uuid": "d817f8ff-5e7b-46e4-9cee-a5f8a3e0bbb9",
            "value": "Type Description: VBA\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/62\nFirst Submission:2026-01-06T18:07:18.000000+00:00\nLast Submission:2026-03-25T00:26:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490282",
        "uuid": "970b724b-0ccf-43de-9662-581c91ffeab0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490282",
            "to_ids": true,
            "type": "md5",
            "uuid": "3953510a-d0b1-4622-b36b-ae4f45bf8a75",
            "value": "0d925c700d6a629f832eda08c62081d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486655",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bb6d8667-5604-4ea9-998c-3aef8476cb08",
            "value": "c214e2cde87d614daceb2cdcbf4ff88fa24a1d43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486655",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b676f0b9-0481-4cac-9215-aac182894914",
            "value": "9f1dc3de09197454a76631d296337b2428b759d43399434b82493f1dedebb741",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485852",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a93ea11e-0a6f-413c-8c7d-eaf7749fdb6c",
            "value": "24576:8+EhkjixLXR+bG/f29mFusqa+n0tkR5JoZh73VVPYDlJ0K3x0cGq:8UixbItdTrJoFVPMvXGq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485852",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b2c363a2-f2c6-4b6d-81ae-c6c885410986",
            "value": "1411248"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485852",
            "to_ids": true,
            "type": "filename",
            "uuid": "b61efc5d-59dc-4f26-bc59-a65438bbfffd",
            "value": "uac.png"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485852",
            "to_ids": false,
            "type": "text",
            "uuid": "e534d7f8-4b07-4367-9336-155bffaddb73",
            "value": "Type Description: JPEG\nMicrosoft: None\nVT Total Detection:7/61\nFirst Submission:2025-11-03T07:13:00.000000+00:00\nLast Submission:2026-01-06T18:01:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490303",
        "uuid": "18669afd-fd5d-492e-ad78-6bd078eb0e4d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490303",
            "to_ids": true,
            "type": "md5",
            "uuid": "8facab14-d881-45ec-96b0-6a3785ded73e",
            "value": "c1be76d9e712f96e011fbfee4e5c2b24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486655",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f1e1cc07-f4ed-478c-83ac-638cfc114fef",
            "value": "c72921d080ea0273f54b8cf2f7ef1241cca16d71",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486656",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9fa971eb-cbac-42ed-aec9-5d8b37694394",
            "value": "c6cd10f37b1f847fb6c17f4e065868de4a930a907c55664dfecef3a98e8197cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485874",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5c4588aa-f444-46c0-b185-db9fa8940014",
            "value": "393216:BXmcBVFq2lCklve8n2DfkkY3ucN6ON2LcIugmgnhmcT18OKIV:oc9q2lGfDfkNuc8/Zugmghms6OKS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485874",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "95f19c9c-5c25-403c-9f8a-a7c9a635add1",
            "value": "17199419"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775485874",
            "to_ids": true,
            "type": "vhash",
            "uuid": "59274388-7140-4818-bb7f-8277cb007937",
            "value": "655a5ef6592feee7e64cd4e3c7c5c95a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485874",
            "to_ids": true,
            "type": "filename",
            "uuid": "93b19a91-646f-4563-9210-68841d0d20e6",
            "value": "64KZNSI.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485874",
            "to_ids": false,
            "type": "text",
            "uuid": "00a0b889-6aa6-4762-944a-95ef37b12e3b",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:27/69\nFirst Submission:2026-01-12T23:18:01.000000+00:00\nLast Submission:2026-01-12T23:18:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490324",
        "uuid": "28f41669-09dc-467d-83e2-aee0fc0bc064",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490324",
            "to_ids": true,
            "type": "md5",
            "uuid": "2c59aaab-8ac3-4215-a5e6-edeab7432d97",
            "value": "cf73911e0ca8259e75caaefcda181d8c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486656",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b33ef5aa-f99f-49dc-a704-237f6e9f1294",
            "value": "ca00bb814bb7ab92c738dc10362a06b7aaf9247e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486656",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e194a2d0-1737-490a-ae6c-1323380884ee",
            "value": "281d1dd17f3815e27db411a955d222105d47814b3bc6c7c0c96b6647e1548221",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485895",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fff30329-e1f5-4e9e-bee9-39d15575863a",
            "value": "3072:nAKECqPEjq9w9ELJziSwFq8cqwrViCqjVFk:A+EwWHwWBbqjVFk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485895",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c77ff395-c116-4ef5-a0cd-3776a236fea4",
            "value": "119274"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485895",
            "to_ids": true,
            "type": "filename",
            "uuid": "9efd327a-d8b7-4497-83e8-c7c0b7ff1711",
            "value": "1aaaassssssnov24.py"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  02/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485895",
            "to_ids": false,
            "type": "text",
            "uuid": "3b7ed52b-5393-44d8-9815-f7da2e6f1729",
            "value": "Type Description: Python\nMicrosoft: Trojan:Python/ShellcodeRunner.SLPQ!MTB\nVT Total Detection:28/62\nFirst Submission:2025-11-25T16:14:40.000000+00:00\nLast Submission:2025-11-25T16:14:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490345",
        "uuid": "2fd02926-d2c6-4897-8324-4b79ca28dce6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490345",
            "to_ids": true,
            "type": "md5",
            "uuid": "87ca623b-f254-4f09-a91b-cbf4088c6a45",
            "value": "46e8666c683f42824a400798965902c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486658",
            "to_ids": true,
            "type": "sha1",
            "uuid": "aad4b3f9-9cdd-4ba0-9c8d-f4aa43102fa9",
            "value": "d2888b491eb772daf92575245f352146b9d9d8f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486658",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3a476a12-bf18-4c94-882a-d50617bdecf2",
            "value": "29477a3d523847fbc517b15ab221dbe1ea940661793de690b89baca2a2d809fe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485917",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4ebf4651-8308-48e6-ba6f-f2bbfdb891e2",
            "value": "768:hinCRUAGylsd6bjzOxIRRYNA2Z9OKaYAozhfOwxR9RlamfXI1CofI/k0QN:gz/yaobjzO64y2Z9BaM9OwxR9RZXa0QN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485917",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c6a432da-c5ae-4cbb-98f9-63fc388861de",
            "value": "43988"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485917",
            "to_ids": true,
            "type": "filename",
            "uuid": "59ad1748-9a5e-4a12-9008-717638b84d72",
            "value": "johnny.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485917",
            "to_ids": false,
            "type": "text",
            "uuid": "df6e25d2-0315-4bda-b742-2049af3716b6",
            "value": "Type Description: JavaScript\nMicrosoft: None\nVT Total Detection:21/62\nFirst Submission:2026-01-15T08:25:48.000000+00:00\nLast Submission:2026-01-15T09:01:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490366",
        "uuid": "c5559b44-b4f6-4aeb-b28e-42635370d0ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490366",
            "to_ids": true,
            "type": "md5",
            "uuid": "86b02d9c-d0f0-4d1a-b4aa-8ce68a413099",
            "value": "8a54e63f2facd234a906dddad14a0f1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486659",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1f8b56c4-b348-49d0-bd65-7d6120dac4f3",
            "value": "d450e39c688b5ad83666ab770c44c6feb2374a76",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486659",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aa5aca6f-9a86-4e31-b145-6647b30596ef",
            "value": "df545b699440a55f466006351803ec4fea719d1ddbcb9a2324249b8b1dcdd82c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485939",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1b2e68fc-2717-4371-8e46-e56db9e72cc4",
            "value": "1536:YVZVe1jY6Uw9K7leVJfXaIlmFy0vePAfg+2w:YVZVX6FIYVAqmFXmofg+2w"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485939",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e685685a-7bb7-495e-a4b9-461bf3023b86",
            "value": "49640"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485939",
            "to_ids": true,
            "type": "filename",
            "uuid": "3537e6e7-df30-48a4-aafd-01066f6260ca",
            "value": "johnxworm.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485939",
            "to_ids": false,
            "type": "text",
            "uuid": "234c092d-a0c7-43d5-8a2a-b25c948af9f5",
            "value": "Type Description: Powershell\nMicrosoft: None\nVT Total Detection:20/62\nFirst Submission:2026-01-15T08:24:58.000000+00:00\nLast Submission:2026-01-15T08:24:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490387",
        "uuid": "2deef861-ca9f-43f6-adc2-fbd260dab26e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490387",
            "to_ids": true,
            "type": "md5",
            "uuid": "b2dcb679-0a93-4f66-9d95-815c132f54a5",
            "value": "00e7ed386fd43b3ee9a1738ea653ef59",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486660",
            "to_ids": true,
            "type": "sha1",
            "uuid": "97e46f60-4210-4502-bde9-bc5f3b4516b2",
            "value": "de7e91b62651355d43da56ed468dd6e92118192c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486660",
            "to_ids": true,
            "type": "sha256",
            "uuid": "175788a3-01dd-46ac-862e-d0caf4c44813",
            "value": "60b3680c61e3e00c61240721ea7e770e319abe4ef38cba28ee2a6a9875280eec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485960",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a0758739-be8f-4598-971e-fe7df725e190",
            "value": "1536:KaxSh2yzcAlOEry29kuCUogMfCV+6cLspa/yL8oK+VX:5xSr/OPu9HVCLssq49+VX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485960",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8d55d461-4bfe-4261-a500-da31130619ca",
            "value": "53251"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485960",
            "to_ids": true,
            "type": "filename",
            "uuid": "4c9d69b2-66b7-4b6f-8c50-e770ad4732bc",
            "value": "freededenxworm.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485960",
            "to_ids": false,
            "type": "text",
            "uuid": "5b04c435-d510-4401-ba78-6050ba78362b",
            "value": "Type Description: Powershell\nMicrosoft: None\nVT Total Detection:19/62\nFirst Submission:2026-01-09T16:14:11.000000+00:00\nLast Submission:2026-01-09T16:14:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490410",
        "uuid": "7e0d01e2-034f-48c3-83e5-eacf8de7786b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490410",
            "to_ids": true,
            "type": "md5",
            "uuid": "e110174e-be09-42ce-ab00-d22423dfb765",
            "value": "c74498de766491fe7ba7e330e045aab2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486661",
            "to_ids": true,
            "type": "sha1",
            "uuid": "403a81ff-0ce7-4abe-9770-727b94e7a506",
            "value": "e05701bf93c9032b5714774507c3b026a51f4fea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486661",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3c444c15-0085-4559-9512-ff2892d5ae77",
            "value": "ea5b22e52974a5cecf323616800e456b06ba2a25dc9ad4b12b0526436b604747",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775485982",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9298d750-2532-4a4b-887e-6d0138b48ed3",
            "value": "24576:J58EVGoljco4jhFIqAFFq5x8/N90dwCBvcoP+iwpUAiNHQN98EUDa5HDi:l3wjDVdL5+wlDaVi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775485982",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5346add8-2819-478c-bead-ceb3b23fc27c",
            "value": "2035332"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775485982",
            "to_ids": true,
            "type": "filename",
            "uuid": "a5a4f29d-0510-4520-918f-2e62ed3ffd47",
            "value": "johnscorpio.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775485982",
            "to_ids": false,
            "type": "text",
            "uuid": "a729e0aa-16ae-4f35-98b3-7c8de36c5840",
            "value": "Type Description: JavaScript\nMicrosoft: None\nVT Total Detection:19/62\nFirst Submission:2026-01-12T16:07:33.000000+00:00\nLast Submission:2026-01-12T16:07:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490431",
        "uuid": "e3efd6bd-3076-4ade-8e4b-56b50a3678e1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490431",
            "to_ids": true,
            "type": "md5",
            "uuid": "ca4e8f02-2609-46e6-a487-56dd7ddf3f2f",
            "value": "229ca20293114027f5ef4fecda6be60e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486662",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ae7d8bc9-ec70-4c1d-b27b-df146ca894f4",
            "value": "e52683b9c41e8de19fd6c213ed0c960ec1b6c5b1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486662",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9aed6c68-b2d9-4c6c-843b-b71ad0b3845c",
            "value": "7b02256d4b5744c9a0d53c6aaefb120fd30727b515fc3b046b58cdcd18efc273",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775486004",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0fb5fda1-49c9-44ef-927c-bfb6205f06e5",
            "value": "3072:nWboWkc2UTDPwToICQcji7zjGqV35PmjVFk:bUn4TxCQcj0zjGs4jVFk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775486004",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c59bca81-f75c-41d7-921d-bf6c3852b796",
            "value": "104258"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775486004",
            "to_ids": true,
            "type": "filename",
            "uuid": "e8bc874b-d1ec-4090-bd9e-618ecc852154",
            "value": "1xwmmnov24.py"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  02/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775486004",
            "to_ids": false,
            "type": "text",
            "uuid": "07e4d61e-e9d9-4dd9-b15f-b9855cff1df6",
            "value": "Type Description: Python\nMicrosoft: Trojan:Python/ShellcodeRunner.SLPQ!MTB\nVT Total Detection:29/62\nFirst Submission:2025-11-25T16:14:20.000000+00:00\nLast Submission:2025-11-25T16:14:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490453",
        "uuid": "f30e8022-b778-474f-90ef-b50d4919d831",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490453",
            "to_ids": true,
            "type": "md5",
            "uuid": "1ee1d120-eab5-4065-bb21-321369c2f362",
            "value": "8819254df99f26a548639a7c68dbfd84",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486663",
            "to_ids": true,
            "type": "sha1",
            "uuid": "12a1bad6-b383-4ebf-9550-e30e53775d2f",
            "value": "eaedebdc23056fa4964a75d35bf20f9dd179a582",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486663",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c618259a-5f8f-4942-9af2-607cd68d3f24",
            "value": "247f19b1b667c458efb6d1419e763c9501d37e24fe31d0eddefa6654b3663c6a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775486047",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "904169f2-15ac-42ca-b299-fe6c50fd5d47",
            "value": "24576:CCyL4G6rCMN1aAyCspw3s8w+tLd6rFSxs/VXgyINRZeo9bqPQTUAZ3c:HyL4GKspwc8HtwAxsUDesmPQTUAZ3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775486047",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d944d593-12a6-412a-9bde-ccb02ee0fde6",
            "value": "1526497"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775486047",
            "to_ids": true,
            "type": "vhash",
            "uuid": "965226db-db99-475e-bb93-e2d8f640c07c",
            "value": "01603665655\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775486047",
            "to_ids": true,
            "type": "filename",
            "uuid": "3d97268b-1de5-4c96-aa1d-c243d9b54ff4",
            "value": "k2haoui.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775486047",
            "to_ids": false,
            "type": "text",
            "uuid": "97df5555-6cff-4dc3-9ca4-a6c46dc637d8",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:25/72\nFirst Submission:2026-01-12T16:08:47.000000+00:00\nLast Submission:2026-01-12T16:08:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490474",
        "uuid": "bd3a4b96-496d-4623-933d-0877a6acf00a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490474",
            "to_ids": true,
            "type": "md5",
            "uuid": "7ab1e648-c72b-44e9-b95b-06821f467a59",
            "value": "cdfc737aff586d2f0d5bdd75ed25cbe4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486664",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b6fa2d34-5f61-484d-9729-d0728072a095",
            "value": "f66364a3566d48e0588237e288003c541ae0fd73",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486664",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6680719c-adb3-4557-af6c-c68f288aeca6",
            "value": "11dfefebcb7fc59fff9ebd78bb55676f77825d5919ce6f65a4376760e18154c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775486069",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f7411993-a634-445b-be27-8d0a10990cc4",
            "value": "48:igX7hc8NTfDVc+3E6Np3YPTzkwAiB691Kc3jA1K2A1KUGQA1KUmLc1K0yA1K0c1J:icNTfLUwymfH3CFmgfoO1N7nF2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775486069",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "388f363a-0f7e-44d7-88b3-8545a93f47ac",
            "value": "3196"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775486069",
            "to_ids": true,
            "type": "filename",
            "uuid": "eb685a71-b01d-4cf1-95d5-da6b4cfd5201",
            "value": "4.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775486069",
            "to_ids": false,
            "type": "text",
            "uuid": "96838b1d-84bc-4847-aa61-61998a0088c4",
            "value": "Type Description: DOS batch file\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:20/62\nFirst Submission:2025-12-22T17:14:32.000000+00:00\nLast Submission:2026-01-02T05:18:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490496",
        "uuid": "79525e20-8e39-43be-b82c-bbcd9414da30",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490496",
            "to_ids": true,
            "type": "md5",
            "uuid": "b16d23e7-1aa5-42c4-9f39-c081267944eb",
            "value": "b2ec0438fc6e2be0548a5b81e6a6e778",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486666",
            "to_ids": true,
            "type": "sha1",
            "uuid": "092b1dc9-60d8-441d-bf47-f0e5d843dc26",
            "value": "ff3512c52e34b7fad458d632f347a37f32a671fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486666",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4366a328-1f14-4e7a-8858-cf1b95e4f94b",
            "value": "b62625ac88c49737a7c262423720cc8befbc2547775a674c673a2b2cc7ae8388",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775486091",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "86b6d1a7-ef9a-45d1-a1b9-d9f89390285c",
            "value": "384:GLfL7PAg3cjcS7T2j9quFjNWWGtFqhXz6XAisVsLCroV9BcTmhLDdHYCFZP3lpmh:gfL7PAlcSseFkvVUhVjue1v7R71h"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775486091",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "adf92980-218f-4d32-80da-3a393db4b3e6",
            "value": "32996"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775486091",
            "to_ids": true,
            "type": "filename",
            "uuid": "ec3bc460-a6a3-4bc6-8340-548a1e390ba6",
            "value": "o3pi4xpeh.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775486091",
            "to_ids": false,
            "type": "text",
            "uuid": "884c62dc-5d8b-4b95-a399-4e0f739b929d",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:44/72\nFirst Submission:2026-01-15T08:40:36.000000+00:00\nLast Submission:2026-01-15T08:40:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490518",
        "uuid": "28030e87-10a9-4bc4-ad3e-ba43aee900cb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490518",
            "to_ids": true,
            "type": "md5",
            "uuid": "95286134-2359-4e29-a95e-39d5ce4f318f",
            "value": "5a71ae59e451c19773874d7a63774d7d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486667",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a188fe2c-5117-4b7d-98e5-0371675b7e88",
            "value": "ffe9a4a3daaa5773e324014d0282d4c6bbbc1da2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486667",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6c7bafd3-e2f2-40c2-bbf3-f121eebe0c6f",
            "value": "705a9c4acf7a37ecf1eb720653b3dc7d6b0fcf32b8513c5b2a72ea39a91ccf72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775486113",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f3e80388-f0ec-4387-b5a2-d7363e815a7e",
            "value": "24576:zNq9QA36Hpka9t8lqqe9Xod4nlNU6YYxQz6:pqYJOSlxV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775486113",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9f7de653-22e4-4812-9a51-ce1bbfed06f0",
            "value": "820571"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775486113",
            "to_ids": true,
            "type": "filename",
            "uuid": "9c6d2155-e997-42f3-a1d7-8d2cf6560293",
            "value": "johnremcos.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan: 27/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775486113",
            "to_ids": false,
            "type": "text",
            "uuid": "f231b5dd-240e-4e0f-9036-53590d02b169",
            "value": "Type Description: Powershell\nMicrosoft: None\nVT Total Detection:0/64\nFirst Submission:2026-01-09T15:40:21.000000+00:00\nLast Submission:2026-01-09T15:40:21.000000+00:00"
          }
        ]
      }
    ]
  }
}