{
  "Event": {
    "analysis": "1",
    "date": "2026-03-10",
    "extends_uuid": "",
    "info": "[Threat Intel] Iranian MOIS Actors & the Cyber Crime Connection",
    "protected": false,
    "publish_timestamp": "1773997382",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1773997382",
    "uuid": "c0ce4730-3a8d-4379-87d3-2b1ec77295d8",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#5dfed4",
        "local": false,
        "name": "misp-galaxy:producer=\"Check Point\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d38fc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#e8825f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#adf1b0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf6f24",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic Resolution - T1568\"",
        "relationship_type": ""
      },
      {
        "colour": "#454726",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#c9dbdd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Stage Capabilities - T1608\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#cc5e96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#07a4a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"",
        "relationship_type": ""
      },
      {
        "colour": "#251b6b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obtain Capabilities - T1588\"",
        "relationship_type": ""
      },
      {
        "colour": "#cf2da1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Develop Capabilities - T1587\"",
        "relationship_type": ""
      },
      {
        "colour": "#d9210a",
        "local": false,
        "name": "misp-galaxy:target-information=\"Albania\"",
        "relationship_type": ""
      },
      {
        "colour": "#26fab6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Israel\"",
        "relationship_type": ""
      },
      {
        "colour": "#63bd05",
        "local": false,
        "name": "misp-galaxy:target-information=\"Sweden\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Cybercrime\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Hacktivist\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"CASTLELOADER\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:ransomware=\"Qilin\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"MuddyWater\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773226811",
        "to_ids": false,
        "type": "link",
        "uuid": "2eb510a0-dbe6-4d89-a1c9-b11872d266ab",
        "value": "https://research.checkpoint.com/2026/iranian-mois-actors-the-cyber-crime-connection/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773226811",
        "to_ids": false,
        "type": "text",
        "uuid": "06dccf94-ede7-4d6e-ba89-064c6d74841a",
        "value": "Iranian intelligence services are increasingly engaging with the cyber crime ecosystem, leveraging criminal tools, services, and operational models to support state objectives. This trend is particularly evident among actors linked to the Ministry of Intelligence and Security (MOIS), such as Void Manticore and MuddyWater. These actors are not merely imitating criminal behavior but actively associating with the cyber criminal ecosystem, using its infrastructure, malware, and affiliate-style relationships. This approach enhances their operational capabilities, complicates attribution, and contributes to confusion around Iranian threat activity. Examples include the use of ransomware branding, commercial infostealers, and overlaps with criminal malware clusters. This shift from imitation to active engagement with cyber crime offers both improved deniability and expanded technical capabilities for Iranian actors."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773226811",
        "to_ids": false,
        "type": "text",
        "uuid": "f05907aa-fb18-478e-b8d8-a7b52782abdb",
        "value": "Name: Iranian MOIS Actors & the Cyber Crime Connection\nAuthor: AlienVault\nAdversary: MOIS (Ministry of Intelligence and Security)\nTags: [\"castleloader\", \"muddywater\", \"tsundere botnet\", \"rhadamanthys\", \"dindoor\", \"mois\", \"stagecomp\", \"fakeset\", \"void manticore\", \"infostealers\", \"qilin\"]\nTargeted countries: [\"Albania\", \"Israel\", \"Sweden\"]\nMalware families: [\"Rhadamanthys\", \"Tsundere Botnet\", \"DinDoor\", \"CastleLoader\", \"FakeSet\", \"StageComp\", \"Qilin\"]\nAttack_ids: [\"T1583\", \"T1071\", \"T1195\", \"T1036\", \"T1090\", \"T1568\", \"T1584\", \"T1102\", \"T1608\", \"T1566\", \"T1001\", \"T1027\", \"T1573\", \"T1132\", \"T1588\", \"T1587\"]\nIndustries: [\"Government\", \"Healthcare\", \"Telecommunications\", \"Defense\", \"Energy\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773226811",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "0237d5f3-2ae4-4147-bb8e-62da09cd6298",
        "value": "MOIS (Ministry of Intelligence and Security)"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276153",
        "to_ids": true,
        "type": "sha1",
        "uuid": "b6b8e571-022a-49f2-9892-c6ea4fbaa57e",
        "value": "0902d7915a19975817ec1ccb0f2f6714aed19638",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276154",
        "to_ids": true,
        "type": "sha1",
        "uuid": "cf54bae7-ec13-4813-b7ae-15f562ad17b4",
        "value": "2087bb914327e937ea6e77fe6c832576338c2af8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276155",
        "to_ids": true,
        "type": "sha1",
        "uuid": "4ec21a92-d370-4194-9c15-df9fe2986c27",
        "value": "21a435ecaa7b86efbec7f6fb61fcda3da686125c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276156",
        "to_ids": true,
        "type": "sha1",
        "uuid": "9e3cc678-4873-4f40-af4c-f83dca5ab59a",
        "value": "389b12da259a23fa4559eb1d97198120f2a722fe",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276157",
        "to_ids": true,
        "type": "sha1",
        "uuid": "c471d6b1-ffa6-4097-94bd-63a4f19f369e",
        "value": "551bdf646df8e9abe04483882650a8ffae43cb55",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276159",
        "to_ids": true,
        "type": "sha1",
        "uuid": "1de5c5fd-ac32-4b10-93ac-eb6ef769a744",
        "value": "579a4584a6eef0a2453841453221d0fb25c08c89",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276160",
        "to_ids": true,
        "type": "sha1",
        "uuid": "a7f84e4f-9e24-4eb0-8c2d-7346c087a3f0",
        "value": "9dcb994ea2b8e6169b76a524fae7b2d2dcd1807d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276161",
        "to_ids": true,
        "type": "sha1",
        "uuid": "b494fdef-bdbc-4e3e-87cc-6640429547a3",
        "value": "b674578d4bdb24cd58bf2dc884eaa658b7aa250c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276162",
        "to_ids": true,
        "type": "sha1",
        "uuid": "e27ed5de-fe9c-4a19-98ae-0e7ab7b5de1b",
        "value": "d920ae0f8ea8b5bd42de49e01c6bbd4c2c6d0847",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 12/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773276164",
        "to_ids": true,
        "type": "sha1",
        "uuid": "b16eab02-5b63-4cc5-9f8b-aaee303689e0",
        "value": "f8444dfc740b94227ab9b2e757b8f8f1fa49362a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773278901",
        "uuid": "ce0abb75-effb-41c0-8431-3e16ee9c22b6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773278901",
            "to_ids": true,
            "type": "md5",
            "uuid": "cf4986d1-2ffd-476e-b69c-e26b5519c6e8",
            "value": "29953b2e46aeaf0157d487c13c4a0643",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276134",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2de210ec-d69b-4776-bd12-16947cd437b4",
            "value": "429efcf0370b53cc3c455b634dc066b1d08b568d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276134",
            "to_ids": true,
            "type": "sha256",
            "uuid": "19c782fc-41a5-4dfa-9d85-4d4e7a1c7acb",
            "value": "077ab28d66abdafad9f5411e18d26e87fe43da1410ee8fe846bd721ab0cb52de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275335",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5275c459-2491-4513-aaa8-450ca029ffbb",
            "value": "1572864:tpQL+rJ/Lu+bSBscfv7pGHe/zA6wa8iV/dU0pk39/kHE+au0brozD/N0in1OUWjO:tpQCrJ/Lu8DcnFG+/h8KdXk9/kHxaum4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275335",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c470621e-666c-4663-9e62-cf4767af0dee",
            "value": "75387632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275335",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7c86156a-cf2f-459e-8c11-1aa99298397d",
            "value": "077056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275335",
            "to_ids": true,
            "type": "filename",
            "uuid": "01aa4332-60b6-4a4d-8520-fff9fc43215a",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast scan: 11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275335",
            "to_ids": false,
            "type": "text",
            "uuid": "ac79288b-7bc7-4869-8731-00eb5404af21",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:27/70\nFirst Submission:2026-02-24T20:59:20.000000+00:00\nLast Submission:2026-03-02T12:27:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773278922",
        "uuid": "f1bfc376-1aa2-4951-9aa3-67745b99a5c7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773278922",
            "to_ids": true,
            "type": "md5",
            "uuid": "a106f5ee-f5cf-43c5-b535-c6cd2830504b",
            "value": "439c0a0a46627bd166e08436f383ad56",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276135",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ea0f30f8-5dd3-4159-8d59-00111b447c98",
            "value": "c16099c29ccdb34764e4d15b1dab2d141d159950",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276135",
            "to_ids": true,
            "type": "sha256",
            "uuid": "daff9458-a87e-4c0d-a259-753b00ec8198",
            "value": "24857fe82f454719cd18bcbe19b0cfa5387bee1022008b7f5f3a8be9f05e4d14",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275357",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "965ff2ad-73d7-4e63-b998-78cda044541e",
            "value": "3072:+LSMqpdvXugbMnvqYhYBCDOh4zUdORB4mRD8wT6T9yRT6Wml5jbxaq1Ta:+WVplAnrYBdYRBZmxaqla"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275357",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d605570d-6e86-407d-9933-6b2f04a0d80b",
            "value": "307656"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275357",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6128b014-727f-4ada-b238-d851a606b376",
            "value": "035056655d15156018z4fhz13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275357",
            "to_ids": true,
            "type": "filename",
            "uuid": "647fefda-33dd-4d62-95a9-50bdfd1f1b93",
            "value": "DIDS.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275357",
            "to_ids": false,
            "type": "text",
            "uuid": "c33ec56d-a935-4fc4-abe2-a669e3c70d66",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:36/72\nFirst Submission:2026-02-18T18:50:37.000000+00:00\nLast Submission:2026-03-03T06:26:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773278943",
        "uuid": "1ad0c09c-922d-4082-af35-8eea6f53ef23",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773278943",
            "to_ids": true,
            "type": "md5",
            "uuid": "5eea643e-e5c3-46df-8c2f-1184e05f243d",
            "value": "4860758863fd040a8c809ce53cb7fb37",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276137",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d8522977-c4fe-4675-990e-cf4f908efa15",
            "value": "fa49d1fd5a938b3de0840759db62867e6382cea1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276137",
            "to_ids": true,
            "type": "sha256",
            "uuid": "399bed5a-2531-4b48-95ab-bbc38c94316d",
            "value": "94f05495eb1b2ebe592481e01d3900615040aa02bd1807b705a50e45d7c53444",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275379",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4c782a1a-8111-4994-b129-f78c6e1bbc0f",
            "value": "1572864:LPfZUrpoBrPO0+qPnsnaqQKomkK3OvM7x6ZnPGlBBp9nPxTuYyig0fjTJ:LPfCruBrP/x/YQXmoNNebb9x5ywj9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275379",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "898af5c4-3e11-49ba-a194-64cf2a97b892",
            "value": "106536312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275379",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b7d02696-dbe7-4b00-b102-01c1945ae001",
            "value": "018056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275379",
            "to_ids": true,
            "type": "filename",
            "uuid": "7332cbcd-9340-4ed0-a8c1-55b004e61873",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275379",
            "to_ids": false,
            "type": "text",
            "uuid": "1f2047f9-ee73-43e2-a366-e24c2496877b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:21/70\nFirst Submission:2026-02-27T21:18:48.000000+00:00\nLast Submission:2026-03-10T07:07:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773278965",
        "uuid": "a2b40080-c6ba-4bd6-bb26-f45e0587bc89",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773278965",
            "to_ids": true,
            "type": "md5",
            "uuid": "a7004310-9a9b-42a6-b72f-d37387193f3a",
            "value": "56a4b425aba37ef886bdfbd8343a1bd5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276138",
            "to_ids": true,
            "type": "sha1",
            "uuid": "280a1abf-1bda-4f43-be61-1c2e01e37f91",
            "value": "3ab3fee4daac90bb7bee470b5b2de8ee0d6bec8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276139",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0fa94488-7a00-4690-b7a8-f4739bcb56e5",
            "value": "4aef998e3b3f6ca21c78ed71732c9d2bdcc8a4e0284f51d7462c79d446fbc7be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275401",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b72302a3-67e7-4636-b3c2-cbb6c6068f70",
            "value": "1572864:3Zcy/5CmaOQKGk55K5QWn50nfM81pzdBfGuJQXGGTqK6eV1+Jd8Cv5qPV:3ZJFH3WninE81pfDoGGTJVYhv5qN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275401",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1bcf8ad7-2786-4c78-93c2-68812974b7c2",
            "value": "88529896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275401",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bfa52c98-9f68-4930-b8a1-cd3dc7674beb",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275401",
            "to_ids": true,
            "type": "filename",
            "uuid": "4474d8f7-2e55-462d-897c-e63646bf9023",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275401",
            "to_ids": false,
            "type": "text",
            "uuid": "e7195ab9-14db-430c-9464-7d87db8f9f36",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:27/70\nFirst Submission:2026-02-26T13:17:17.000000+00:00\nLast Submission:2026-03-03T06:51:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773278986",
        "uuid": "252458c7-290a-4d5e-9c4a-a49776a4cda0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773278986",
            "to_ids": true,
            "type": "md5",
            "uuid": "c8c9e899-112e-4305-b88b-8b3dee7324b8",
            "value": "591aae15106147bdb5bc7b26049b943f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276139",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ff6203fd-3c30-490a-ac37-605479681de1",
            "value": "cecf87d582b4df4323eaef04c9a648d43325043a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276139",
            "to_ids": true,
            "type": "sha256",
            "uuid": "218dcbd6-dc12-45ea-ac5a-cef4e25bfcfd",
            "value": "ddceade244c636435f2444cd4c4d3dc161981f3af1f622c03442747ecef50888",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275424",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "92d3a6e1-ac23-462a-92d9-9f56231997b0",
            "value": "1572864:BZcy/5CmaOQKGk55K5QWn50nfM81pzdBfGuJQXGGTqK6eV1+Jd8Cv5qPZ:BZJFH3WninE81pfDoGGTJVYhv5qR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275424",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "21db6ce9-5513-41e6-9ec2-763f891435c3",
            "value": "88529904"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275424",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8c2f2699-808d-4e08-a380-495fa8b0b848",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275424",
            "to_ids": true,
            "type": "filename",
            "uuid": "aa70a04e-bd1b-40ba-b1ae-bfd74fb03b27",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275424",
            "to_ids": false,
            "type": "text",
            "uuid": "94240387-9980-4a2d-baa4-91279345cb46",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:21/70\nFirst Submission:2026-02-23T21:22:46.000000+00:00\nLast Submission:2026-03-02T14:05:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279008",
        "uuid": "1c516e5a-24d1-4e72-aac2-2bf9af53ff52",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279008",
            "to_ids": true,
            "type": "md5",
            "uuid": "c3d2cb92-f997-4299-b7de-e977ebc1479c",
            "value": "5c057af2f358fc10107d5ccdb39938ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276141",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b97a2d55-afd8-4235-90c3-040cec6499d3",
            "value": "e2e8516b4f275e8c636620b7377ee3b9f9f47bb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276141",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6a841f66-cf8c-4634-a151-46d141a17319",
            "value": "2a09bbb3d1ddb729ea7591f197b5955453aa3769c6fb98a5ef60c6e4b7df23a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275446",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "171851d6-f188-48ec-953a-758f70e6db57",
            "value": "24576:5NOmTRC/KmPbeqL+FnXvO9+f1KUw+T/s/e:vOmVv+bD+1X29WKwE/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275446",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1f826aa0-f281-4bce-a155-32ddb4a27bc2",
            "value": "1096704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275446",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2a4e06c6-0ff1-4053-bf93-923cb999b8de",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275446",
            "to_ids": true,
            "type": "filename",
            "uuid": "b9195ad5-4952-4337-a273-9a29508dd360",
            "value": "2a09bbb3d1ddb729ea7591f197b5955453aa3769c6fb98a5ef60c6e4b7df23a5.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275446",
            "to_ids": false,
            "type": "text",
            "uuid": "74607762-8c1e-42f2-9ea0-fe29c53d9b70",
            "value": "Type Description: Windows Installer\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:23/62\nFirst Submission:2026-02-13T11:10:02.000000+00:00\nLast Submission:2026-03-02T14:07:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279029",
        "uuid": "796dc177-b588-4395-a6d7-040f8a1e223e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279029",
            "to_ids": true,
            "type": "md5",
            "uuid": "5383abe5-c3cd-4fdb-b8a9-cf9c7d2b18d1",
            "value": "76c59282e44a461105dc5739a6ba7c33",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276142",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1b4cd656-3466-4f02-ae47-0d58ce5af5f6",
            "value": "7a8963d123918ca86727649492cd1ff4e020cb72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276142",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b251edbb-9b86-4550-8b34-827f480840ae",
            "value": "64cf334716f15da1db7981fad6c81a640d94aa1d65391ef879f4b7b6edf6e7f1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275467",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8dfc5f18-34dd-43c3-b620-92e0fbc4e1a3",
            "value": "1572864:S6sZA+TMMdh0OWzeRxhsyw1CvawblHmTJGGrxLPXBNGA72PWDt+wzN7RX:S6smSjdhbWzKxhsh1CvaeGNGGrxjXBNX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275467",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1e97363f-58e0-4cd3-868d-a09da9076c1e",
            "value": "87211504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275467",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4870ff1f-377a-465c-a0ad-0d72e7389975",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275467",
            "to_ids": true,
            "type": "filename",
            "uuid": "fa82e5b8-6188-4579-9aeb-25ada021a155",
            "value": "installer"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026 (DD/MM/YYYY)\nLast-scan: 11/03/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275467",
            "to_ids": false,
            "type": "text",
            "uuid": "905a80cf-5b24-44a2-813a-34c1d8e89f9a",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:26/70\nFirst Submission:2026-02-16T03:14:20.000000+00:00\nLast Submission:2026-03-02T12:34:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279050",
        "uuid": "b5d7d2ed-e901-4588-8996-11bfcf30c2c9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279050",
            "to_ids": true,
            "type": "md5",
            "uuid": "ef015447-9f6b-40d3-a98a-db1a09793f98",
            "value": "7a4119e116ecdefe0a1017110e250e61",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276143",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cba643d8-7d7a-479a-8e2e-b697e957be4f",
            "value": "be3c8f93e9d7f42ec1133ab36f555b104b23fe1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276143",
            "to_ids": true,
            "type": "sha256",
            "uuid": "22c371a4-89c5-41cb-b4d1-4ff93b4bb74b",
            "value": "a4bd1371fe644d7e6898045cc8e7b5e1562bdfd0e4871d46034e29a22dec6377",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275489",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "185bd663-85fa-4add-aff1-f1366a9841c6",
            "value": "1572864:SpQL+rJ/Lu+bSBscfv7pGHe/zA6wa8iV/dU0pk39/kHE+au0brozD/N0in1OUWjr:SpQCrJ/Lu8DcnFG+/h8KdXk9/kHxaumh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275489",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c4ee1cfe-2dd7-40c7-a178-0480c6d5ecbc",
            "value": "75387624"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275489",
            "to_ids": true,
            "type": "vhash",
            "uuid": "15fa7a74-23e5-4c35-be15-99f475f31a21",
            "value": "077056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275489",
            "to_ids": true,
            "type": "filename",
            "uuid": "45cbff0b-13d6-4972-8f0b-4f2db5ba7232",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026 (DD/MM/YYYY)\nLast-scan: 11/03/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275489",
            "to_ids": false,
            "type": "text",
            "uuid": "beb2a3f7-676a-423c-a107-c844235b2285",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:21/70\nFirst Submission:2026-02-22T21:25:10.000000+00:00\nLast Submission:2026-03-03T06:47:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279071",
        "uuid": "4ca3fd1c-ce09-42b1-a948-2dfdd10928fb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279071",
            "to_ids": true,
            "type": "md5",
            "uuid": "4c3d4866-1290-473f-905c-e89c767f4905",
            "value": "7f3c8a7fe78d3d05b6022df3ea0c15fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276144",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1aaaa73d-a4c6-4633-b939-b25fa5d6ef72",
            "value": "0ba2306ec15f7124fafc7615e81f34c7986ba9a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276144",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b0064eae-3f42-4c0b-8d47-9ea972cd59d4",
            "value": "a92d28f1d32e3a9ab7c3691f8bfca8f7586bb0666adbba47eab3e1a8faf7ecc0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275511",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5557865d-5214-4236-88c2-011330e62419",
            "value": "3072:eLSMqpdvXugbMnvqYhYBCDOh4zUdORB4mRD8wT6T9yRT6Wml5jbxaq1Ta:eWVplAnrYBdYRBZmxaqla"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275511",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f3dab4a5-8ec3-4d1d-8ec9-5b3c3cf26413",
            "value": "307656"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275511",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e2e2f641-8a26-4507-a798-4762bd2520d7",
            "value": "035056655d15156018z4fhz13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275511",
            "to_ids": true,
            "type": "filename",
            "uuid": "e761b6f6-987d-403f-887d-67537b1c14d7",
            "value": "DIDS.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026 (DD/MM/YYYY)\nLast-scan: 11/03/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275511",
            "to_ids": false,
            "type": "text",
            "uuid": "d791ee26-e234-4b40-8ae8-4d7987d4efd1",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:45/72\nFirst Submission:2026-03-03T06:35:22.000000+00:00\nLast Submission:2026-03-05T12:38:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279092",
        "uuid": "453fcf6d-1942-42dc-a396-74a5ce19e007",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279092",
            "to_ids": true,
            "type": "md5",
            "uuid": "735e1410-383a-450d-bf11-21ea1cb43103",
            "value": "838c8fd4ae7e3c4972adc8800db44929",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276145",
            "to_ids": true,
            "type": "sha1",
            "uuid": "efe17527-3825-4b82-854c-08915ed50307",
            "value": "2b781b3a352db44db67ad56e8477e6a1016b2597",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276145",
            "to_ids": true,
            "type": "sha256",
            "uuid": "81cbc28a-a941-4e3a-b7fb-8a8dbba91aee",
            "value": "64263640a6fdeb2388bca2e9094a17065308cf8dcb0032454c0a71d9b78327eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275533",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "691689a6-a77b-4f2d-bb1d-31ce09d66e2a",
            "value": "1572864:pwKJPDvHypeHbTLgt8WOw+7JPQ4+hC3N1Fq5FGHMR8UVHML+9m6/nZ/9UjAJB:pwKNvypccaFlD+c3DaGHOsL+9m6/Z/95"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275533",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "62905dc0-4847-4eec-afa3-ecfd82dc31a3",
            "value": "86800256"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275533",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0e810d77-fb2d-4163-aa95-6a84fbf69f88",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275533",
            "to_ids": true,
            "type": "filename",
            "uuid": "09a04a1d-3f73-40a9-a382-d1f826cd27d7",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026 (DD/MM/YYYY)\nLast-scan: 11/03/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275533",
            "to_ids": false,
            "type": "text",
            "uuid": "1ec2b2e2-1efb-4699-bc6c-fed29657eeb2",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:37/70\nFirst Submission:2026-03-02T18:31:33.000000+00:00\nLast Submission:2026-03-03T03:44:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279114",
        "uuid": "ffc33de9-a680-4aab-8cb6-58b908ce1fa8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279114",
            "to_ids": true,
            "type": "md5",
            "uuid": "84ff5dd3-1e43-4928-a3e5-810a28f9808e",
            "value": "e2bcc41ddea5cf9d759380701d14f258",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276147",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c3ac5f37-bb63-4127-a0f7-f48199ae68e7",
            "value": "a42b4914b0c8dc47a3a5f8114d0fcbef02d84e0a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276147",
            "to_ids": true,
            "type": "sha256",
            "uuid": "93bd9cef-0c65-4df9-abeb-418b0c5b2d35",
            "value": "74db1f653da6de134bdc526412a517a30b6856de9c3e5d0c742cb5fe9959ad0d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275555",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "be6a95b4-4149-4dae-ab0e-ff26ee811b8a",
            "value": "1572864:+IKIeltfvHDKox83cPm8Jyvd0eLGxH9pZbgjiQYp7Mrs/whah9NwExmbP0Hy:+IKIe7HjXO8Mvd0eLG59pGj+Eof2Exof"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275555",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "66ea6760-c990-4a3e-9a9a-6d359e77d271",
            "value": "86805232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275555",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ba352d9f-46c0-4b2f-a1d3-8122c4638ece",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275555",
            "to_ids": true,
            "type": "filename",
            "uuid": "621bfffa-d674-4865-a059-2b7390a8e746",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026 (DD/MM/YYYY)\nLast-scan: 11/03/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275555",
            "to_ids": false,
            "type": "text",
            "uuid": "5a14fa56-173e-41b0-b149-aa3e13a6a938",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:28/70\nFirst Submission:2026-02-27T00:37:08.000000+00:00\nLast Submission:2026-03-03T06:50:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279136",
        "uuid": "d9491969-5a10-4b93-8616-6fd3a2c2e317",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279136",
            "to_ids": true,
            "type": "md5",
            "uuid": "7639c344-9122-45e5-8565-a26a7c9fab10",
            "value": "e6fafcb72f2f315692218182ba84e0ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276148",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a0cbacc2-25b3-4fc1-b6f8-895a520a5fb9",
            "value": "9c5cc25e80df75f91873bf31a6269e7bdab7c6d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276148",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a9db03c2-21f4-41a5-be67-0f8b82ed91b0",
            "value": "2b7d8a519f44d3105e9fde2770c75efb933994c658855dca7d48c8b4897f81e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275577",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ab307f5c-ef47-4fff-86a4-6f116b2341aa",
            "value": "1572864:h6sZA+TMMdh0OWzeRxhsyw1CvawblHmTJGGrxLPXBNGA72PWDt+wzN7R2:h6smSjdhbWzKxhsh1CvaeGNGGrxjXBN2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275577",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3fc2be95-4378-445d-9539-102d14ef1d2f",
            "value": "87211504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275577",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c79f04e6-1759-4530-b249-acbfcd15f025",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275577",
            "to_ids": true,
            "type": "filename",
            "uuid": "1d9390f0-f0c5-4c75-bbef-b8fa1dd77641",
            "value": "installer"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  12/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275577",
            "to_ids": false,
            "type": "text",
            "uuid": "90995cba-db2d-4626-9dcd-971eb5cd96a2",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:31/70\nFirst Submission:2026-02-11T21:50:28.000000+00:00\nLast Submission:2026-03-02T12:20:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279158",
        "uuid": "0493374a-329c-4b6c-bfcf-bf6540e390a8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279158",
            "to_ids": true,
            "type": "md5",
            "uuid": "bb5536f0-8903-42bc-8428-d0ab19d3abf7",
            "value": "eb5e96e05129e5691f9677be4e396c88",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276150",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f957342f-8c72-4055-b57d-0d4966b0ccd9",
            "value": "8eaae096b32ddc805949d6c4f40db000b038f90c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276150",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1f62fc93-8774-477a-87cb-87d02be0fc27",
            "value": "d83ccacbcb556e86c350a9b5c87e068cb40d3e90016963b86e59fb0bb86c8f61",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275599",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7e2be8ce-fdf3-4df3-bd6a-e7451d25baea",
            "value": "98304:1zA1KI35vPrVgVNmm0A1BUfgXsir80oUoWAsCUon:1U1npvDGV2fgXsp/NFn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275599",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "770945c6-3f42-46df-a1cf-892ff075947e",
            "value": "3580416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275599",
            "to_ids": true,
            "type": "vhash",
            "uuid": "72d89a3d-9bc7-4e81-92ee-0d2969a37bea",
            "value": "13603e0f7d1bz301&z2"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  12/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275599",
            "to_ids": false,
            "type": "text",
            "uuid": "62c11984-7347-4f3c-80ff-371ec35b9bf7",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:43/72\nFirst Submission:2025-05-14T15:58:14.000000+00:00\nLast Submission:2025-05-14T15:58:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279179",
        "uuid": "9488ab88-e0aa-45a6-9bc2-44b0afbbd898",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279179",
            "to_ids": true,
            "type": "md5",
            "uuid": "a9f9b05d-4bea-456b-bd9e-b5634fe5ec5e",
            "value": "f02463bb05b85da1ed7d0f166174ef9c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276151",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d8a6e142-2159-4b13-970d-836021306027",
            "value": "c2825f992911c8596411575e77b56c69722b7f4c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276151",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f687ea52-a20d-4caf-b8fd-8c042e562660",
            "value": "a8c380b57cb7c381ca6ba845bd7af7333f52ee4dc4e935e98b48bb81facad72b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275621",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b2a3be96-7c84-4c46-88d1-19b001411386",
            "value": "1572864:awKJPDvHypeHbTLgt8WOw+7JPQ4+hC3N1Fq5FGHMR8UVHML+9m6/nZ/9UjAJo:awKNvypccaFlD+c3DaGHOsL+9m6/Z/9A"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275621",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fcbec90c-eef2-4194-b238-df8d596ff9b0",
            "value": "86799392"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275621",
            "to_ids": true,
            "type": "vhash",
            "uuid": "86e685c3-7cd1-4184-8f18-e1ee65dac5be",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275621",
            "to_ids": true,
            "type": "filename",
            "uuid": "2236ae8c-fd96-4843-bb97-b15c24316285",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275621",
            "to_ids": false,
            "type": "text",
            "uuid": "1f8d2261-7300-48f3-b4da-54b9e256a15a",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:35/70\nFirst Submission:2026-03-02T03:55:49.000000+00:00\nLast Submission:2026-03-11T09:51:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773279201",
        "uuid": "df6c1db4-9b84-4102-aaf1-2546d83b2dd3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773279201",
            "to_ids": true,
            "type": "md5",
            "uuid": "a3da5714-b1dc-46d1-b09d-ca90ff783979",
            "value": "a8e9b718a677a5ed99e839190eff02bf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773276152",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f41e6b37-634d-4fa7-8eb4-3f8c970457a0",
            "value": "2d2fbd10629e44ca36397c160ba2a5b05bb49289",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773276152",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e31c1b1a-521b-4af3-9454-922830fdd54e",
            "value": "aae017e7a36e016655c91bd01b4f3c46309bbe540733f82cce29392e72e9bd1f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773275858",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "747c9340-6f03-4da2-af0f-82277ac627e4",
            "value": "24576:4b/pDYLjWqXDHdgTAb2sF+rwLFMp17kyByOa/8PhUWfo4ui0/7ARNpgYnmffqRk4:y/pgjrQck8FoJkyAaPh/A4uicERMogfc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773275858",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d0afd0df-6136-4300-925b-65f66bc72797",
            "value": "1513688"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773275858",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f5c33690-7fa2-467b-8e24-62f7cf8c6114",
            "value": "016056655d1c0560d043z800417z57z62z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773275858",
            "to_ids": true,
            "type": "filename",
            "uuid": "023e45f5-9397-4230-8f29-bbc40a6040d5",
            "value": "handala.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773275858",
            "to_ids": false,
            "type": "text",
            "uuid": "2705d7e7-d566-45c3-ab15-96258a29e020",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Acll\nVT Total Detection:45/72\nFirst Submission:2024-04-18T12:17:15.000000+00:00\nLast Submission:2024-04-24T14:52:55.000000+00:00"
          }
        ]
      }
    ]
  }
}