{
  "Event": {
    "analysis": "1",
    "date": "2026-03-12",
    "extends_uuid": "",
    "info": "[Threat Intel] A Slopoly start to AI-enhanced ransomware attacks",
    "protected": false,
    "publish_timestamp": "1774245817",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1774245817",
    "uuid": "c53b86b3-6be9-4c8a-816e-585456d11feb",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#6675db",
        "local": false,
        "name": "misp-galaxy:producer=\"IBM X-Force\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#bb2745",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#657ac3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Protocol Tunneling - T1572\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#36d931",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bcaa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#297c25",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"",
        "relationship_type": ""
      },
      {
        "colour": "#c295b4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Internal Proxy - T1090.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005c",
        "local": false,
        "name": "rectifyq:topic=\"ai\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Ransomware\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:ransomware=\"interlock\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802817",
        "to_ids": false,
        "type": "link",
        "uuid": "961170e1-bff1-4617-bdf7-52c4129c437c",
        "value": "https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802817",
        "to_ids": false,
        "type": "text",
        "uuid": "8e466e0a-957f-4370-b6a7-c64ec225ab7d",
        "value": "IBM X-Force discovered a likely AI-generated malware named 'Slopoly' used in a ransomware attack by the Hive0163 group. This marks the beginning of AI adoption among cybercrime groups, potentially transforming the threat landscape. Slopoly, while relatively unsophisticated, demonstrates how easily threat actors can use AI to develop new malware quickly. The attack involved ClickFix social engineering, NodeSnake malware, and InterlockRAT, culminating in the deployment of Interlock ransomware. This incident highlights the growing trend of AI-generated and AI-integrated malware, which could lead to more ephemeral and difficult-to-attribute attacks, challenging traditional threat intelligence methods."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802817",
        "to_ids": false,
        "type": "text",
        "uuid": "ceaefd30-ef70-484c-ae05-e77f6ee30a50",
        "value": "Name: A Slopoly start to AI-enhanced ransomware attacks\nAuthor: AlienVault\nAdversary: Hive0163\nTags: [\"nodesnake\", \"ai-generated malware\", \"cybercrime\", \"ransomware\", \"slopoly\", \"clickfix\", \"interlockrat\", \"interlock\"]\nTgtd countries: []\nMlwr families: [\"Slopoly\", \"NodeSnake\", \"InterlockRAT\", \"Interlock\"]\nAttack_ids: [\"T1053.005\", \"T1132.001\", \"T1082\", \"T1036\", \"T1572\", \"T1059.001\", \"T1566\", \"T1027\", \"T1486\", \"T1071.001\", \"T1518\", \"T1105\", \"T1490\", \"T1090.001\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802817",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "55a34f24-1f2b-412a-b6aa-a7998f981903",
        "value": "Hive0163"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236154",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3f8b1b3e-835b-41d6-a450-06a48ac7a272",
        "value": "94.156.181.89",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236176",
        "to_ids": true,
        "type": "domain",
        "uuid": "ea7b6be0-f39d-49d4-9de9-43c955f8e65a",
        "value": "plurfestivalgalaxy.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236198",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f0db98f1-7efe-446b-9394-f93b1c0f71fa",
        "value": "baseline-include-priority-bar.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236221",
        "to_ids": true,
        "type": "hostname",
        "uuid": "34e3fdd4-d2ee-4d12-8406-cca8d5aa9510",
        "value": "bits-promotions-turned-editions.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236243",
        "to_ids": true,
        "type": "hostname",
        "uuid": "96161e00-1d13-468f-b78b-83144c672034",
        "value": "bridal-custody-private-bodies.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236265",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7042fb60-c0b1-4174-91e4-c672fd6c9fc7",
        "value": "chronic-dividend-amendments-das.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236287",
        "to_ids": true,
        "type": "hostname",
        "uuid": "cdaea112-35ab-4785-a375-89902cda1e12",
        "value": "cigarette-assumed-biotechnology-checklist.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236310",
        "to_ids": true,
        "type": "hostname",
        "uuid": "24dff95a-efb5-4ae3-85cb-379ef713c6e0",
        "value": "coffee-lloyd-families-excluded.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236332",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8ae870d1-b62e-4068-80a0-f6fb4b806a95",
        "value": "communist-flying-provision-calendar.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236354",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f0089a07-f539-4fb9-ae46-30e0d4c4cb7e",
        "value": "corner-teacher-guam-characterization.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236377",
        "to_ids": true,
        "type": "hostname",
        "uuid": "33aad5c7-616e-4f15-9218-271c2272817e",
        "value": "describe-absent-operational-seventh.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236398",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3f75e4c9-47ed-4857-9cf5-37f8e80acd19",
        "value": "edinburgh-packaging-sense-idol.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236420",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f31294d9-e883-46c4-9f09-be06e3f7a60f",
        "value": "electrical-protect-molecular-underground.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236443",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c303a7dd-5df0-46e2-905f-b6bc3191d664",
        "value": "eugene-examinations-contained-timber.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236464",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4d73e588-d1b0-4581-afb4-8bb2e218ccc5",
        "value": "forget-canal-chancellor-mas.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236488",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9f34c474-813c-48ee-82c9-e3f255ba8921",
        "value": "gzip-picked-istanbul-maple.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236510",
        "to_ids": true,
        "type": "hostname",
        "uuid": "46f56d55-9a02-4248-b8d5-e5e81d371711",
        "value": "jane-practitioner-lightning-preservation.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236532",
        "to_ids": true,
        "type": "hostname",
        "uuid": "863b2a5f-af96-4b97-b4ac-323559edd663",
        "value": "lamp-voters-biodiversity-phillips.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236554",
        "to_ids": true,
        "type": "hostname",
        "uuid": "fdc25747-7d95-4f58-8882-279d0d8de697",
        "value": "liverpool-patterns-lanes-specified.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236576",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8cc6b9bc-36e0-4352-a4ac-122035f57d44",
        "value": "logan-practitioners-percent-cartridges.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236599",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e9858782-c7f1-4802-a39c-66f14ce9804a",
        "value": "meet-noted-tax-qualification.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236621",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2fed653c-ba6b-4309-a681-4434329aa945",
        "value": "misc-elliott-mouth-leading.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236644",
        "to_ids": true,
        "type": "hostname",
        "uuid": "26c93e79-e1d1-424a-b561-8cd151f2dff5",
        "value": "module-source-tree-diverse.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236666",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2c6cc127-da20-4b66-a222-2c4c0e63f5dd",
        "value": "moore-cgi-pen-drove.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236688",
        "to_ids": true,
        "type": "hostname",
        "uuid": "dcf21767-0dc5-4a52-b85b-e54c298a0fc6",
        "value": "offers-listing-screenshot-alpha.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236711",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1cea76d7-339f-4349-a26e-8bf19c621a78",
        "value": "planners-mixing-edmonton-endless.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236733",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9d0fa459-36f9-48bf-880d-3c183ea9616a",
        "value": "playback-attributes-interviews-processing.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236755",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f8625161-3897-49b6-99b5-f23a31c90cf4",
        "value": "postal-ssl-converted-quantity.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236777",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9236c3ea-b44b-409f-ac45-a50064575316",
        "value": "rpm-chicken-during-staying.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236799",
        "to_ids": true,
        "type": "hostname",
        "uuid": "82333e57-1acf-4de4-ac54-3afafad2fd0d",
        "value": "safe-accepted-salem-early.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236822",
        "to_ids": true,
        "type": "hostname",
        "uuid": "fbf38ae4-875d-468a-bbd6-ab5183a92304",
        "value": "screenshots-executive-joins-hammer.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236844",
        "to_ids": true,
        "type": "hostname",
        "uuid": "23da7df2-de60-4f16-ab48-e2392970de5d",
        "value": "silk-lift-porter-correctly.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236866",
        "to_ids": true,
        "type": "hostname",
        "uuid": "20e8eaa3-b5b9-4ca5-8b15-570d7a66de93",
        "value": "specials-storm-height-warriors.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236888",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c73e3812-19d2-4ea3-98da-ef1230bfdd3c",
        "value": "wives-bufing-humans-prot.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236910",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7f51908d-9cf4-4044-a1cb-a262d5bfb8ea",
        "value": "yen-hansen-cartoon-aims.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236932",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ddc97b93-a1ab-4d8a-b39f-0876169b7b73",
        "value": "77.42.75.119",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236954",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "757beca1-2470-427f-9c12-8a905e6f30cd",
        "value": "23.227.203.123",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774236976",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "2b31e831-7579-4b5f-96ff-3c520bed3196",
        "value": "172.86.68.64",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774236998",
        "uuid": "ca67c312-01de-4e57-b9d6-e2d6b771a42a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774236998",
            "to_ids": true,
            "type": "md5",
            "uuid": "088148a4-bfb0-4133-a3f6-7970dc7db160",
            "value": "ee5b997a34653f79d8ab1f35403d1a38",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774234979",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c27b3942-6f52-46d0-8a71-cb7f3ecb6c10",
            "value": "1cc39fefbbc98ef8d4960107b373efd0c6ed6005",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774234979",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1485057c-2978-4206-8e1e-9f58343bf3cd",
            "value": "0884e5590bdf3763f8529453fbd24ee46a3a460bba4c2da5b0141f5ec6a35675",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232353",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6b0a8593-e74a-4553-9906-cde6acb93629",
            "value": "192:P7H4pnU3J2AEG/iQXpCyWPDICJ53HQsaGAUc:PLF3JhMB3wZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232353",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2c731c4f-281b-4840-abb4-7190d1e650b2",
            "value": "6176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232353",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1b8931ec-73a0-4954-bf26-d433412478c6",
            "value": "648d22a0090ae9b3d2e89c3552b12a35"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232353",
            "to_ids": true,
            "type": "filename",
            "uuid": "39972c74-5b86-4791-903e-508f3ff6a920",
            "value": "slopoly_redacted.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan: 22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232353",
            "to_ids": false,
            "type": "text",
            "uuid": "c2a27884-01a8-4982-8840-e076e692de63",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Malgent!MSR\nVT Total Detection: 24/63\nFirst Submission: 2026-03-13T07:55:05.000000+00:00\nLast Submission: 2026-03-13T07:55:05.000000+00:00"
          }
        ]
      }
    ]
  }
}