{
  "Event": {
    "analysis": "1",
    "date": "2026-03-13",
    "extends_uuid": "",
    "info": "[Threat Intel] Operation CamelClone: Multi-Region Espionage Campaign Targets Government and Defense Entities Amidst Regional Tensions",
    "protected": false,
    "publish_timestamp": "1774021977",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1774012537",
    "uuid": "c9979a19-f8f7-4395-8613-5f7d72345351",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#57356b",
        "local": false,
        "name": "misp-galaxy:producer=\"Seqrite\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#d3f567",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#c8f8ef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#a42e64",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#0f0428",
        "local": false,
        "name": "misp-galaxy:target-information=\"Algeria\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mongolia\"",
        "relationship_type": ""
      },
      {
        "colour": "#e4d611",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ukraine\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kuwait\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Defense\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658814",
        "to_ids": false,
        "type": "link",
        "uuid": "ff142f0a-80e8-4f45-81d1-57ad779bafb6",
        "value": "https://www.seqrite.com/blog/operation-camelclone-multi-region-espionage-campaign-targets-government-and-defense-entities-amidst-regional-tensions"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658814",
        "to_ids": false,
        "type": "text",
        "uuid": "3c13921c-dfcc-42b5-9619-8fcca254a464",
        "value": "Operation CamelClone is a multi-region espionage campaign targeting government and defense entities in Algeria, Mongolia, Ukraine, and Kuwait. The attackers use spear-phishing emails with malicious ZIP archives containing lure documents and shortcuts. The infection chain involves a JavaScript loader called HOPPINGANT, which downloads additional payloads from public file-sharing websites. The campaign abuses legitimate tools like Rclone for data exfiltration to MEGA cloud storage. Targeting patterns suggest intelligence gathering objectives, focusing on foreign policy, defense capabilities, and diplomatic alignments of countries navigating major-power rivalries. The operation's use of public services for payload hosting and data exfiltration makes network-based detection challenging."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658814",
        "to_ids": false,
        "type": "text",
        "uuid": "04fbad9e-656a-44aa-a62c-aa38a707d3d0",
        "value": "Name: Operation CamelClone: Multi-Region Espionage Campaign Targets Government and Defense Entities Amidst Regional Tensions\nAuthor: AlienVault\nAdversary: \nTags: [\"spear-phishing\", \"hoppingant\", \"espionage\", \"government\"]\nTgtd countries: [\"Algeria\", \"Mongolia\", \"Ukraine\", \"Kuwait\"]\nMlwr families: [\"HOPPINGANT\"]\nAttack_ids: [\"T1059.007\", \"T1204.002\", \"T1566.001\", \"T1005\", \"T1218\", \"T1059.001\", \"T1027\", \"T1567.002\", \"T1213\", \"T1071.001\", \"T1105\"]\nIndustries: [\"Government\", \"Defense\", \"Energy\"]"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773999956",
        "to_ids": true,
        "type": "url",
        "uuid": "7fd43d4a-2ea6-468e-9a50-988dbc121929",
        "value": "https://filebulldogs.com/uploads/82WX5GP8CI/a.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773999977",
        "to_ids": true,
        "type": "url",
        "uuid": "739fe72f-9666-418e-9a61-79ab851b62e6",
        "value": "https://filebulldogs.com/uploads/82WX5GP8CI/document.pdf",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773999999",
        "to_ids": true,
        "type": "url",
        "uuid": "66d3eff5-d4c7-4293-87cb-331d279d8dce",
        "value": "https://filebulldogs.com/uploads/82WX5GP8CI/f.js",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000020",
        "to_ids": true,
        "type": "url",
        "uuid": "85f13184-d621-4a10-925f-960656db2167",
        "value": "https://filebulldogs.com/uploads/AVQB61TVOX/a.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000041",
        "to_ids": true,
        "type": "url",
        "uuid": "dfa8e4ed-36ad-4774-bbed-25ac9760013c",
        "value": "https://filebulldogs.com/uploads/AVQB61TVOX/document.pdf",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000062",
        "to_ids": true,
        "type": "url",
        "uuid": "8501b289-c65c-4ff2-a8db-dd2c16bd459a",
        "value": "https://filebulldogs.com/uploads/AVQB61TVOX/f.js",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000085",
        "to_ids": true,
        "type": "url",
        "uuid": "f6fba1bb-7304-495c-bf2b-c105baf88ec5",
        "value": "https://filebulldogs.com/uploads/F1OQY9GU84/a.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000106",
        "to_ids": true,
        "type": "url",
        "uuid": "fc16a302-eaa0-43a5-a5a2-31540b9cf852",
        "value": "https://filebulldogs.com/uploads/F1OQY9GU84/document.pdf",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000127",
        "to_ids": true,
        "type": "url",
        "uuid": "9b587370-61cf-4c09-a5dc-11fae9cfbd99",
        "value": "https://filebulldogs.com/uploads/F1OQY9GU84/f.js",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000149",
        "to_ids": true,
        "type": "url",
        "uuid": "c50412f6-e378-41c4-ae51-b53513d75c57",
        "value": "https://filebulldogs.com/uploads/OKW5RN48ZJ/a.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000170",
        "to_ids": true,
        "type": "url",
        "uuid": "4c76c605-221d-4118-83c0-f01a87be401c",
        "value": "https://filebulldogs.com/uploads/OKW5RN48ZJ/document.pdf",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000191",
        "to_ids": true,
        "type": "url",
        "uuid": "e449feb1-fa98-4cd7-936a-7ede7265a45f",
        "value": "https://filebulldogs.com/uploads/OKW5RN48ZJ/f.js",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774000212",
        "to_ids": true,
        "type": "domain",
        "uuid": "d8ed133d-78b2-41ab-a82c-dbd3794d22d9",
        "value": "filebulldogs.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658814",
        "to_ids": true,
        "type": "email-src",
        "uuid": "dc9d0928-fc6e-46b2-a0a1-5af355099904",
        "value": "coreyroberson@onionmail.org"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658814",
        "to_ids": true,
        "type": "email-src",
        "uuid": "19ef0733-ac69-4331-8bc8-e2767a8db849",
        "value": "keatonwalls@onionmail.org"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658814",
        "to_ids": true,
        "type": "email-src",
        "uuid": "bc3df0f1-3a21-48c0-9232-1601194624fe",
        "value": "oliwiagibbons@onionmail.org"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658814",
        "to_ids": true,
        "type": "email-src",
        "uuid": "c2cd8e31-2a7b-4164-b0c6-15c4759d8622",
        "value": "theresaunderwood@onionmail.org"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012254",
        "uuid": "0594b642-3645-4ae1-bbd0-6ebe39ff2b84",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000234",
            "to_ids": true,
            "type": "md5",
            "uuid": "9ec23acb-e7f5-49e7-b986-3d0bf0d4ca34",
            "value": "0fd9562521b49138fcebcea494f4ed74",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999083",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0d1a3dec-a75b-4bc4-953e-e72ffe22f9a6",
            "value": "713224a83b1b752eff75cddb2ebea540098d2745",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999083",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c9f5989f-762b-44ca-84f0-32bafe503a4e",
            "value": "2dcaaedfad798dad87f27aef39885d2879825c4c8bed1dcd9e863aba0d463103",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997701",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cb2cf141-69ab-409f-865f-2646d5e47d94",
            "value": "96:8TgY78o+pUdjgY7ZoGfV6KNR6zphyH2S/FXLr6TzpNkHPkOMfdBtYhT:Rho+umAoGfshyH2S/FXPepqHMOMFTYhT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997701",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "acc0fece-b188-4c49-b391-460a20ff7372",
            "value": "3135"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997701",
            "to_ids": true,
            "type": "filename",
            "uuid": "a1c614d6-7c3c-46c0-87f4-08dc23586063",
            "value": "2dcaaedfad798dad87f27aef39885d2879825c4c8bed1dcd9e863aba0d463103.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997701",
            "to_ids": false,
            "type": "text",
            "uuid": "5a9289f0-bb1b-4667-aece-020627c7537a",
            "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:21/61\nFirst Submission:2026-02-25T20:21:05.000000+00:00\nLast Submission:2026-02-26T00:52:59.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012254",
            "to_ids": false,
            "type": "text",
            "uuid": "645cf1dd-8ff3-49a3-9004-77123d500190",
            "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:21/61"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012254",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8c436afd-e9fb-43ab-b936-4806cae0b9ae",
            "value": "96:8TgY78o+pUdjgY7ZoGfV6KNR6zphyH2S/FXLr6TzpNkHPkOMfdBtYhT:Rho+umAoGfshyH2S/FXPepqHMOMFTYhT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012254",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "be1e6e5e-46ec-4201-81ef-9604571ac9e4",
            "value": "3135"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012254",
            "to_ids": true,
            "type": "filename",
            "uuid": "2920922b-5674-4da3-a52c-48c48d0431d6",
            "value": "2dcaaedfad798dad87f27aef39885d2879825c4c8bed1dcd9e863aba0d463103.js"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012278",
        "uuid": "7a091a71-f8c2-49b3-978c-ca2b937220ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000255",
            "to_ids": true,
            "type": "md5",
            "uuid": "b57d28f0-efac-421d-9c4b-d7f0577a029b",
            "value": "12bf882a8fb8f16edccbe87adbbc3c59",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999084",
            "to_ids": true,
            "type": "sha1",
            "uuid": "151fc40d-938c-486d-acc9-238200eef399",
            "value": "ae96ac92263c8e7d5e93e97de2664c21fecdfe75",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999085",
            "to_ids": true,
            "type": "sha256",
            "uuid": "43ed8305-f316-4860-954f-956a3e92abc0",
            "value": "3e36b396c4cb71b8eaae2300c21bec26700b27ce5f6be83ef6b86d214e294c8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997724",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "267c12d2-2a89-4d2f-a6c6-c1d5fde8cf1d",
            "value": "393216:A9ypOPyUe5OvheiCIRbXqzzwv9bOm01ew6B:AEpOPynihwi6Qv9tx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997724",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5fb8a4fb-033f-43f6-a59b-f1c3dbbbae0c",
            "value": "67394048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997724",
            "to_ids": true,
            "type": "vhash",
            "uuid": "946ecf76-0306-4eba-a5d7-5f2b4a65f372",
            "value": "067086655d55651d14155az3-z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997724",
            "to_ids": true,
            "type": "filename",
            "uuid": "ea01691f-8982-4e60-bb02-2c0992b95ca1",
            "value": "rclone.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997724",
            "to_ids": false,
            "type": "text",
            "uuid": "65a6463c-cc13-482f-85d7-dccc1951439f",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/70\nFirst Submission:2025-07-09T15:55:27.000000+00:00\nLast Submission:2026-03-12T18:15:04.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012278",
            "to_ids": false,
            "type": "text",
            "uuid": "ea8ebb4b-0f86-41e8-a826-9fbad697b1f1",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/70"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012278",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "49ea8011-afbe-4ac5-8e3b-ffacfeb4766b",
            "value": "393216:A9ypOPyUe5OvheiCIRbXqzzwv9bOm01ew6B:AEpOPynihwi6Qv9tx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012278",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f580949f-6011-44d1-b76a-da21767811ef",
            "value": "67394048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012278",
            "to_ids": true,
            "type": "vhash",
            "uuid": "161eff9d-905a-47e2-817f-9951ea361f4b",
            "value": "067086655d55651d14155az3-z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012278",
            "to_ids": true,
            "type": "filename",
            "uuid": "63b2f39f-666d-49c1-b3ed-ba352044a311",
            "value": "rclone.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012301",
        "uuid": "e91f3979-f0af-4040-b156-f0b0e030d536",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000277",
            "to_ids": true,
            "type": "md5",
            "uuid": "144b91a5-8303-4325-a44c-c2391a0d1181",
            "value": "32f747c1a4a9aff1b4cea7f35f2f5111",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999086",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5903ab51-9978-4b77-b0db-e24fb53033a0",
            "value": "de32d402e6e883a86bee83911d00e4307a4c26e7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999087",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0d893909-320e-4860-9b85-51d3fe83714e",
            "value": "31f1a97c72f596162f0946df74838d3bef89289ce630adba8791c0f3220980ee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997748",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "babe9073-90f6-41fc-ad61-5f3db30cdaf5",
            "value": "1536:9QuaFPFizi08jxJ8e+OQh7YcrpoQMeiFSZsEhgBSwDnub7tISsQXHiOm:KF+ibxJ8bOceneSmUuCIiOm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997748",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "722392aa-de19-491d-bfb3-935adfc0f372",
            "value": "65804"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997748",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a0ea339a-8ce7-400e-83ec-2929dd57f3bc",
            "value": "371a1558c15da5a951af59f34e85f6cd"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997748",
            "to_ids": false,
            "type": "text",
            "uuid": "5d89928d-1f65-48ee-adc7-6c3ea90e95fd",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:26/65\nFirst Submission:2026-02-24T10:31:58.000000+00:00\nLast Submission:2026-02-24T10:31:58.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012301",
            "to_ids": false,
            "type": "text",
            "uuid": "6cda0de6-7ad1-406d-9aa3-9c5c4445c1ed",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:26/65"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012301",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aa5face9-63c2-462c-be5a-41b74e859a7c",
            "value": "1536:9QuaFPFizi08jxJ8e+OQh7YcrpoQMeiFSZsEhgBSwDnub7tISsQXHiOm:KF+ibxJ8bOceneSmUuCIiOm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012301",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7cccbe32-21bd-4be1-af33-273774057216",
            "value": "65804"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012301",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8a8dc7fd-9c8e-4ac9-a872-c996f57c2b5f",
            "value": "371a1558c15da5a951af59f34e85f6cd"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012324",
        "uuid": "1d4ac5aa-45e7-477f-86ff-2782fb004ff0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000298",
            "to_ids": true,
            "type": "md5",
            "uuid": "005140b8-b489-4e5a-9bd2-a23213cf176e",
            "value": "376884baaa4b9505792afc81cdedda42",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999088",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6feae533-abef-460c-ad21-0b3ba7d52bd4",
            "value": "9a9944ee1c996875f5fac74b999034a53488a047",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999088",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f21acc8e-5a85-4704-acbb-c52e1a437d73",
            "value": "2902cdee050a60c3129b4bb84e74ddda7b129c3473556f689d83609d9a5981a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997771",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fd6fbd83-e4d7-4619-b897-3bdad86421c5",
            "value": "24:8hwWa5y5LEnXKPiW2lxAtWmV+/CWw+//fIPQJ4I0aho+Z5:8HVZEMfTnPQWI0+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997771",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "af4cb444-004a-43a1-a2a7-a830ac6c727a",
            "value": "1365"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997771",
            "to_ids": true,
            "type": "vhash",
            "uuid": "28b06d1d-fe6f-4dae-aaaf-24cf546c441a",
            "value": "a4facf9582aabdda446217cd1d154ef2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997771",
            "to_ids": true,
            "type": "filename",
            "uuid": "12df46d5-8b4f-4ad5-b8c3-5817df8efb28",
            "value": "\u0425\u044f\u0442\u0430\u0434 \u0443\u043b\u0441\u0442\u0430\u0439 \u0445\u0430\u043c\u0442\u044b\u043d \u0430\u0436\u0438\u043b\u043b\u0430\u0433\u0430\u0430\u0433\u0430\u0430 \u04e9\u0440\u0433\u04e9\u0436\u04af\u04af\u043b\u0436 \u0431\u0430\u0439\u043d\u0430.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997771",
            "to_ids": false,
            "type": "text",
            "uuid": "f1541e40-2529-42db-9c32-a3fb9eadfac4",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:35/62\nFirst Submission:2026-02-25T05:38:44.000000+00:00\nLast Submission:2026-03-03T11:54:47.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012324",
            "to_ids": false,
            "type": "text",
            "uuid": "d467c18e-87e9-49b4-a6b4-cc620e4e95ef",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:35/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012324",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a3daa84f-ad0d-4988-b790-afb7dce410fb",
            "value": "24:8hwWa5y5LEnXKPiW2lxAtWmV+/CWw+//fIPQJ4I0aho+Z5:8HVZEMfTnPQWI0+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012324",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fe1fa26d-d551-4d6f-871b-4e95d7eaabeb",
            "value": "1365"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012324",
            "to_ids": true,
            "type": "vhash",
            "uuid": "73e58144-e794-4037-aec5-6a2f720c4a9c",
            "value": "a4facf9582aabdda446217cd1d154ef2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012324",
            "to_ids": true,
            "type": "filename",
            "uuid": "6b9db486-5e8d-47ae-bc05-84e32701a76c",
            "value": "\u0425\u044f\u0442\u0430\u0434 \u0443\u043b\u0441\u0442\u0430\u0439 \u0445\u0430\u043c\u0442\u044b\u043d \u0430\u0436\u0438\u043b\u043b\u0430\u0433\u0430\u0430\u0433\u0430\u0430 \u04e9\u0440\u0433\u04e9\u0436\u04af\u04af\u043b\u0436 \u0431\u0430\u0439\u043d\u0430.lnk"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012347",
        "uuid": "117c0b14-054b-42d8-93f2-ed6544c65a7c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000319",
            "to_ids": true,
            "type": "md5",
            "uuid": "8ce32840-9409-462f-9b4d-7e7f37df1734",
            "value": "3f25c60d96f9cbbca7fd19278545207b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999090",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f2e427ef-f50f-4c4b-84a1-8024fb585df5",
            "value": "80157e0a596b111519c3146fada535ed4304917f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999090",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d7bcac74-1a99-41ca-af4e-330e053fd8d4",
            "value": "92962bfa6df48ec0f13713c437af021f4138dc5a419bc92bc8a376d625a6519a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997794",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4d3935fa-8a3d-481c-8059-ed8b517a38bc",
            "value": "24:8hwWa5y5LEnXKPiW2lxAtWF+/CWw+//fIPd4I0aho+Z5:8HVZEMfCnPCI0+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997794",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "32fb0c10-fb0a-4f69-93f8-47baa732e3a5",
            "value": "1371"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997794",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8c5d5bce-a97a-412c-8a33-3853bb25e001",
            "value": "a4facf9582aabdda446217cd1d154ef2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997794",
            "to_ids": true,
            "type": "filename",
            "uuid": "d7bf427e-de89-477b-833b-b9360fb8a7a9",
            "value": "\u062f\u0639\u0648\u0629 \u0644\u0644\u0645\u0634\u0627\u0631\u0643\u0629.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997794",
            "to_ids": false,
            "type": "text",
            "uuid": "ae338c55-a531-4e05-a1d6-a27999b1cf84",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:35/62\nFirst Submission:2026-02-24T10:32:22.000000+00:00\nLast Submission:2026-03-03T11:57:08.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012347",
            "to_ids": false,
            "type": "text",
            "uuid": "0b783d7f-c2c4-4a8f-aa55-531392f4f9aa",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:35/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012347",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8c007ffa-d17d-40a2-9833-49550f89200e",
            "value": "24:8hwWa5y5LEnXKPiW2lxAtWF+/CWw+//fIPd4I0aho+Z5:8HVZEMfCnPCI0+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012347",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "463f306c-79a5-4b2d-9e41-eb7b077c1cda",
            "value": "1371"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012347",
            "to_ids": true,
            "type": "vhash",
            "uuid": "85b03a03-5968-464b-8f9c-c3f8014b5002",
            "value": "a4facf9582aabdda446217cd1d154ef2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012347",
            "to_ids": true,
            "type": "filename",
            "uuid": "fc7081df-26ad-4d11-8ebf-a92a2b2e0854",
            "value": "\u062f\u0639\u0648\u0629 \u0644\u0644\u0645\u0634\u0627\u0631\u0643\u0629.lnk"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012370",
        "uuid": "39acb24a-fbb2-4cba-962b-1014e9a15c13",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000342",
            "to_ids": true,
            "type": "md5",
            "uuid": "a70c872f-275f-4c90-8c1f-c378d4ffdf29",
            "value": "4ad8d263065e46d0e2fd4183f89258ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999092",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1409f93c-94dc-48ae-a945-b95433d26879",
            "value": "8cc3fabb8c8783cb38ac26e6c3137ef8af6901ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999092",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b8f7a28b-4a81-4a02-8ab4-0389716e3e43",
            "value": "1d0ea66d347325902e20a12e1f2f084be45d3d6045264e513dcc420b9928013c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997818",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2a699b1d-26ac-4be3-9149-70e9b67cd020",
            "value": "24:8hwWa5y5LEnXKPiW2lxAtWF+/CWw+//fIPV4I0aho+Z5:8HVZEMfCnPqI0+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997818",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d90feb01-2cce-4b3b-8019-82e7e6eb65df",
            "value": "1371"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997818",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0c9f02e8-f634-423a-aa85-f73999aff7db",
            "value": "a4facf9582aabdda446217cd1d154ef2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997818",
            "to_ids": true,
            "type": "filename",
            "uuid": "f6eeb1c1-8cdf-4496-bb16-66c58203f91a",
            "value": "Weapons requirements for the Kuwait Air Force.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997818",
            "to_ids": false,
            "type": "text",
            "uuid": "d6030c8b-1971-443d-8467-313d72b08b4a",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/WinLNK.STL!MTB\nVT Total Detection:35/62\nFirst Submission:2026-03-04T07:39:09.000000+00:00\nLast Submission:2026-03-04T20:45:14.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012370",
            "to_ids": false,
            "type": "text",
            "uuid": "8c979e5f-f45c-4a7e-bc35-6c7d9b9a7185",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/WinLNK.STL!MTB\nVT Total Detection:35/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012370",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b3018b85-7ff4-47f9-9340-67e9ab84a5e1",
            "value": "24:8hwWa5y5LEnXKPiW2lxAtWF+/CWw+//fIPV4I0aho+Z5:8HVZEMfCnPqI0+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012370",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d988a9b2-56f5-410a-9fbf-4462e2b3e748",
            "value": "1371"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012370",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ae5953e5-2e54-47b1-a6c7-e399900bd1b4",
            "value": "a4facf9582aabdda446217cd1d154ef2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012370",
            "to_ids": true,
            "type": "filename",
            "uuid": "37f0f37e-f99e-4d24-bbf3-31b66ae2a9ba",
            "value": "Weapons requirements for the Kuwait Air Force.lnk"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012393",
        "uuid": "dd251407-0a4b-41dc-8ba4-ad63a6bb1ac9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000363",
            "to_ids": true,
            "type": "md5",
            "uuid": "bfa70c29-63e0-4df8-9359-9985507656f9",
            "value": "8cecabbb0f7555afaa302e89e5fcbf5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999094",
            "to_ids": true,
            "type": "sha1",
            "uuid": "be98be85-750c-4df6-9fb6-d5d2bfb13028",
            "value": "b9729934cc92f0b1ff9a87f70637e6adfaf416b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999094",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9cd2859f-a402-470e-a3c9-4d6278d90ec2",
            "value": "4a0e2649f89e11121ffe55546ee081ac07472db650d094314414ebf26fcb7a8e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997841",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0f3e8a90-fcb2-4ad9-8676-42954e2cd725",
            "value": "3072:s+mII23WU02AvjKmaqnQgjzIrrhlLAKleh7l3vP9FRcHC:s+lAKePIrHWhB339Ff"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997841",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "772d3b4b-e345-4258-8114-3da2ab2f6850",
            "value": "152023"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997841",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f7d97114-140d-4cb1-bf37-ddef75dd1476",
            "value": "6af25acb38ea3355f57338cc10fe4245"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997841",
            "to_ids": true,
            "type": "filename",
            "uuid": "6e823946-03f7-43db-9e89-b7a7babd20ef",
            "value": "\u0425\u044f\u0442\u0430\u0434 \u0443\u043b\u0441\u0442\u0430\u0439 \u0445\u0430\u043c\u0442\u044b\u043d \u0430\u0436\u0438\u043b\u043b\u0430\u0433\u0430\u0430\u0433\u0430\u0430 \u04e9\u0440\u0433\u04e9\u0436\u04af\u04af\u043b\u0436 \u0431\u0430\u0439\u043d\u0430.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997841",
            "to_ids": false,
            "type": "text",
            "uuid": "6a533149-95dd-4d78-9653-de6353b49b08",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:30/65\nFirst Submission:2026-02-25T05:37:19.000000+00:00\nLast Submission:2026-03-05T02:05:54.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012393",
            "to_ids": false,
            "type": "text",
            "uuid": "4f0266a6-2ab3-44be-8195-0ff168aff2dc",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:30/65"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012393",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bad64229-56e9-489d-9eec-b64b2f0b851a",
            "value": "3072:s+mII23WU02AvjKmaqnQgjzIrrhlLAKleh7l3vP9FRcHC:s+lAKePIrHWhB339Ff"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012393",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ce3fa2f3-8fe8-4662-aacf-115331975017",
            "value": "152023"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012393",
            "to_ids": true,
            "type": "vhash",
            "uuid": "02c2f974-270c-4fce-94a4-bfeebb344d0c",
            "value": "6af25acb38ea3355f57338cc10fe4245"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012393",
            "to_ids": true,
            "type": "filename",
            "uuid": "6e5face1-e04a-42b5-bebd-2b9ffc1750fe",
            "value": "\u0425\u044f\u0442\u0430\u0434 \u0443\u043b\u0441\u0442\u0430\u0439 \u0445\u0430\u043c\u0442\u044b\u043d \u0430\u0436\u0438\u043b\u043b\u0430\u0433\u0430\u0430\u0433\u0430\u0430 \u04e9\u0440\u0433\u04e9\u0436\u04af\u04af\u043b\u0436 \u0431\u0430\u0439\u043d\u0430.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012417",
        "uuid": "c5ec7cd2-9871-4b0d-9a80-176f123b01fe",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000384",
            "to_ids": true,
            "type": "md5",
            "uuid": "bbca8eba-7b47-4b83-aa98-e94ee709eb9c",
            "value": "a494d88d211743076b87c71ff26b9fb9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999096",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fe2605d2-3d3e-42e9-ad5f-7843d952378c",
            "value": "5939ac61b4d9d4430ffaa0cf24df21588ffce88b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999096",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5caa32c6-d5c9-4fbb-914c-f9ecfc0df47a",
            "value": "51af876b0f7fde362c69219f7dec39f7fb667fb53dc5fe2cbdf841d6c5951460",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997864",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "34065405-47fc-48cf-8bf3-b4c5e95ab67b",
            "value": "1536:GCdEkoQLQzkVC0mknya5RKZX04G9wS3+LDIzbvIi/jgR4V0+kfqobe1kgKj:GgszKC0bya5RKZkN9wS3cIHVRHkfvqJu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997864",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0c023745-4a2d-4e9f-8797-284424bae205",
            "value": "95841"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997864",
            "to_ids": true,
            "type": "vhash",
            "uuid": "18705e47-f170-4a74-9c75-da0cce08098f",
            "value": "65ce501b78d5c585e93f122afaec686d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997864",
            "to_ids": true,
            "type": "filename",
            "uuid": "93d6c50b-b4ed-4cea-910c-eadde5a05284",
            "value": "Weapons%20requirements%20for%20the%20Kuwait%20Air%20Force.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997864",
            "to_ids": false,
            "type": "text",
            "uuid": "dd63ab3f-a8b7-4bd2-a7d3-5ae980b7160c",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:30/65\nFirst Submission:2026-03-04T07:38:45.000000+00:00\nLast Submission:2026-03-04T07:38:45.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012417",
            "to_ids": false,
            "type": "text",
            "uuid": "a5a238f6-dd46-41fb-842c-68c3617c3c3f",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:30/65"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012417",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "121c654f-2b7f-4a85-b656-e9a889305c50",
            "value": "1536:GCdEkoQLQzkVC0mknya5RKZX04G9wS3+LDIzbvIi/jgR4V0+kfqobe1kgKj:GgszKC0bya5RKZkN9wS3cIHVRHkfvqJu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012417",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "31da198e-d03d-441e-80c3-e9000a598b7f",
            "value": "95841"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012417",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0c6625e8-dee1-4054-83ad-b2c07c35894b",
            "value": "65ce501b78d5c585e93f122afaec686d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012417",
            "to_ids": true,
            "type": "filename",
            "uuid": "2ce02223-e4ab-4942-b6e8-a31a1a3946e2",
            "value": "Weapons%20requirements%20for%20the%20Kuwait%20Air%20Force.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012444",
        "uuid": "19ff4b55-68d4-470f-9ba5-269be30e068f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000406",
            "to_ids": true,
            "type": "md5",
            "uuid": "a5055322-98a9-45e3-8bcf-8b7eb2e782ef",
            "value": "c73c308a137ff7805577042cc9e923e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999098",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9b46f94c-491a-4b25-b668-99ed840ca9d4",
            "value": "6bfcddd912e6d87311eed5ae77fb53e1fdb5b184",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999098",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dfd9909f-4237-49e1-922c-13a87789cae2",
            "value": "27d7a398a58c12093bc49f7144dac2f079232768096d0558c226ea5c53782e29",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997888",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1290a5bd-0083-4a10-b94a-6baed648ce25",
            "value": "1536:2QuaFPFizi08jxJ8e+OQh7YcrpoQMeiFSZsEhgBSwDnub7tISsQXHif:LF+ibxJ8bOceneSmUuCIif"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997888",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d7fbb855-9849-46ef-977d-0858dec61ebf",
            "value": "65740"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997888",
            "to_ids": true,
            "type": "vhash",
            "uuid": "17d118ce-eabe-433f-9cd0-8b6e57510c44",
            "value": "4d86fe76578bbce2afa7c47288ef39c0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997888",
            "to_ids": true,
            "type": "filename",
            "uuid": "54d3acf3-6c24-451e-b956-905c7b8ce79a",
            "value": "Algerian Ukrainian proposals for cooperation.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997888",
            "to_ids": false,
            "type": "text",
            "uuid": "d889e19d-8ccc-4558-a7da-01de30bc61e5",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:29/65\nFirst Submission:2026-03-03T09:08:22.000000+00:00\nLast Submission:2026-03-04T07:27:20.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012444",
            "to_ids": false,
            "type": "text",
            "uuid": "ee7da27a-0734-45bd-948e-a001206dfa5b",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:29/65"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012444",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d12832df-8af9-4e09-9ba6-1fa521bdea42",
            "value": "1536:2QuaFPFizi08jxJ8e+OQh7YcrpoQMeiFSZsEhgBSwDnub7tISsQXHif:LF+ibxJ8bOceneSmUuCIif"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012444",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e8b15669-80e5-4374-91a2-c2cac7525a52",
            "value": "65740"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012444",
            "to_ids": true,
            "type": "vhash",
            "uuid": "01981a91-ae7b-4571-ae4f-67c86c4b7b99",
            "value": "4d86fe76578bbce2afa7c47288ef39c0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012444",
            "to_ids": true,
            "type": "filename",
            "uuid": "1b71caef-7528-4e11-9781-b488e824bd12",
            "value": "Algerian Ukrainian proposals for cooperation.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012468",
        "uuid": "76abe12e-b0d4-4370-b262-37970525bfe4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000427",
            "to_ids": true,
            "type": "md5",
            "uuid": "6f8e121e-e8ac-45da-8592-abe2dfb2415f",
            "value": "db5a302fa7255a3b88873e7979555f32",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999100",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3fee4219-aac2-457c-bcc3-3ea36bd5284a",
            "value": "b14b6e374e04af4ec98f003cae40b5ee6c42913f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999100",
            "to_ids": true,
            "type": "sha256",
            "uuid": "506302e0-4169-43ab-a5f2-5f45aef8222f",
            "value": "2671e1f43b2e5911310c5b3f124c076055eec5dee4e596854332ffcf791fd740",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997911",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b7a4aaf2-b8f1-43a9-a138-db465c8cdc2e",
            "value": "24:8hwWa5y5LEnXKPiW2lxAtWF+/CWw+//fIP24I0aho+Z5:8HVZEMfCnPJI0+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997911",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dff30d55-e68c-418d-b86b-ce81e518ae34",
            "value": "1371"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997911",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ccd56fef-7100-4fcd-a990-0b5cb9b4a04f",
            "value": "a4facf9582aabdda446217cd1d154ef2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997911",
            "to_ids": true,
            "type": "filename",
            "uuid": "6f62a573-4602-462d-99f2-fcb7762a10b6",
            "value": "Algerian Ukrainian proposals for cooperation.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997911",
            "to_ids": false,
            "type": "text",
            "uuid": "9e6484bc-083b-4325-b349-d1e96d6506ed",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:38/62\nFirst Submission:2026-03-03T09:08:50.000000+00:00\nLast Submission:2026-03-03T11:50:48.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012468",
            "to_ids": false,
            "type": "text",
            "uuid": "c7a86b52-e9a0-497a-aaed-f6102143df80",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:38/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012468",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b25628dc-5122-4fd7-87e5-523041ab821a",
            "value": "24:8hwWa5y5LEnXKPiW2lxAtWF+/CWw+//fIP24I0aho+Z5:8HVZEMfCnPJI0+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012468",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6526b6fd-389d-4fd4-a9e1-9806b1319c16",
            "value": "1371"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012468",
            "to_ids": true,
            "type": "vhash",
            "uuid": "615752b6-d96e-4c76-b34f-1a95747db4e0",
            "value": "a4facf9582aabdda446217cd1d154ef2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012468",
            "to_ids": true,
            "type": "filename",
            "uuid": "3698258f-300b-45b8-8083-b52fd4c05e96",
            "value": "Algerian Ukrainian proposals for cooperation.lnk"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012491",
        "uuid": "c5150d26-c791-4ffe-89c3-4e079aafe2e5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000448",
            "to_ids": true,
            "type": "md5",
            "uuid": "171921dc-a576-44b7-a31d-5b334b07bcb4",
            "value": "f40d601a48a96e70bae87c76c8969c45",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999102",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b81e9c73-0898-4822-85af-41088e9f9464",
            "value": "9964aab054509de11b1101c04c67d0ac84a25f1e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999102",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5c7778e7-7205-480f-949d-ffed88407b87",
            "value": "230a22a1f1800f11718b43a7ce9390d2ef0fa9dc212d954c8fafbfbe997bbbef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997935",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4f990c42-5441-4f2e-a7ec-7b501aed3b36",
            "value": "96:8TgY7n4o+pUdjgY7ntoGfVN3tMQLCYVXLr6TzpNkHPkOMfdBtYhT:RBo+umgoGfxLCIXPepqHMOMFTYhT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997935",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d35451a1-5f1e-4508-8ffb-fc198e54953b",
            "value": "3079"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997935",
            "to_ids": true,
            "type": "filename",
            "uuid": "62749e10-f2c5-4dfb-b552-afc4f265d5e1",
            "value": "230a22a1f1800f11718b43a7ce9390d2ef0fa9dc212d954c8fafbfbe997bbbef.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997935",
            "to_ids": false,
            "type": "text",
            "uuid": "c18d97e8-a98c-4d60-8be5-0a5592b55e0b",
            "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:25/62\nFirst Submission:2026-03-04T09:38:46.000000+00:00\nLast Submission:2026-03-04T12:06:34.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012491",
            "to_ids": false,
            "type": "text",
            "uuid": "49a3b648-b44e-45ac-b696-b86913bc2e79",
            "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:25/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012491",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "43fd314c-567c-4f44-9455-512d23a5e31e",
            "value": "96:8TgY7n4o+pUdjgY7ntoGfVN3tMQLCYVXLr6TzpNkHPkOMfdBtYhT:RBo+umgoGfxLCIXPepqHMOMFTYhT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012491",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3ff24ff9-9e2b-41ae-a31b-74b666717b7e",
            "value": "3079"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012491",
            "to_ids": true,
            "type": "filename",
            "uuid": "de6bdab0-d384-4b47-b1ae-89af47cfc64b",
            "value": "230a22a1f1800f11718b43a7ce9390d2ef0fa9dc212d954c8fafbfbe997bbbef.js"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012514",
        "uuid": "53d186e3-9a34-4e85-b3d9-a92bd38ee010",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000470",
            "to_ids": true,
            "type": "md5",
            "uuid": "36580cc2-e86c-46fe-a55e-ac997dc26f46",
            "value": "fda501d63f3d2d74e05a63e0d51ee0cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999104",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7f9523d4-09b3-47a2-8bb1-f7aa764c300d",
            "value": "0a94b4351852e78fdf38db25617d6a58d394d649",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999104",
            "to_ids": true,
            "type": "sha256",
            "uuid": "03846cd5-a1d6-4a53-b8c4-feb3c55dd566",
            "value": "62c477c0827752ffeb8ea243497eef1c666fc41025d287909d021bceb5b8e699",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997958",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3d1ff2bb-91d0-48cc-8914-edfc94504bdf",
            "value": "96:8TgY7XEo+pUdjgY7XBoGfVLOwOx1LCYyXLr6TzpNkHPkOMfdBtYhT:RKEo+umKBoGfQNLCnXPepqHMOMFTYhT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997958",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1ce3927d-58db-4cbc-b75d-93d36223290c",
            "value": "3151"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997958",
            "to_ids": true,
            "type": "filename",
            "uuid": "eeb8f49e-05c5-45a6-bb87-ffdc477d583c",
            "value": "ghvzl.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997958",
            "to_ids": false,
            "type": "text",
            "uuid": "77b29717-f0b9-483b-bf7a-5c1127d33f5a",
            "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:23/61\nFirst Submission:2026-03-03T09:10:21.000000+00:00\nLast Submission:2026-03-03T11:42:07.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012514",
            "to_ids": false,
            "type": "text",
            "uuid": "b173f41c-9802-4f11-bc4b-f990ec6aea4e",
            "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:23/61"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012514",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "96c97e01-abdc-4b80-a77d-7b7c2c480a9b",
            "value": "96:8TgY7XEo+pUdjgY7XBoGfVLOwOx1LCYyXLr6TzpNkHPkOMfdBtYhT:RKEo+umKBoGfQNLCnXPepqHMOMFTYhT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012514",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "18cbd706-e8cf-47dd-8ad9-a1af92974f93",
            "value": "3151"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012514",
            "to_ids": true,
            "type": "filename",
            "uuid": "58336613-7d60-4bcf-9edb-42ab2d770de0",
            "value": "ghvzl.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774012537",
        "uuid": "668ffaf4-cd15-45f3-a0da-e1e11d2903a0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774000491",
            "to_ids": true,
            "type": "md5",
            "uuid": "51e471a4-c77b-436f-8a2a-46046b8b3062",
            "value": "cad5822d205b5680c0e5e7451aac258d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773999106",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dda6f2bf-2fd3-4fc2-9509-007b96c3792c",
            "value": "301bc8f912e441e5067a31e6682017925e0c44ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773999106",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9a2dbfc2-1e18-41da-835f-9eed5dc83e01",
            "value": "630ac67d8db777ae0b93e066bd13b21908e79f23a41a64448f0a4ea38c063a44",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773997982",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "612d3b9b-dece-45e9-b760-03136ac74812",
            "value": "96:8TgY79o+pUdjgY7UoGfVhvMzphyH2SpLh15lh7kF9aQjr6Tv:Roo+um9oGfv2hyH2Spl1nh7kF9aQXa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773997982",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b7675899-2fe8-4805-b4d4-829a50761f80",
            "value": "3135"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773997982",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7aacdee7-8ff5-463c-b10f-dac029027735",
            "value": "6cb2ea71c5ec267b17031f6faf7104ce"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773997982",
            "to_ids": true,
            "type": "filename",
            "uuid": "2cc30459-b3f0-48eb-bbd2-03e7371a6784",
            "value": "630ac67d8db777ae0b93e066bd13b21908e79f23a41a64448f0a4ea38c063a44.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773997982",
            "to_ids": false,
            "type": "text",
            "uuid": "6c821ef4-e425-4ac2-92f5-c237e964f37b",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:24/61\nFirst Submission:2026-02-24T14:29:00.000000+00:00\nLast Submission:2026-02-24T15:22:02.000000+00:00"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774012537",
            "to_ids": false,
            "type": "text",
            "uuid": "315dafd0-458a-419f-a5ec-a9d64c01c7c0",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:24/61"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774012537",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "72c3d6c1-891b-49ad-84ec-561112f2ed26",
            "value": "96:8TgY79o+pUdjgY7UoGfVhvMzphyH2SpLh15lh7kF9aQjr6Tv:Roo+um9oGfv2hyH2Spl1nh7kF9aQXa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774012537",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5cd268fc-3320-4ac3-bbd7-297537a1dc2d",
            "value": "3135"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774012537",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0bf3aadf-c0b4-4eac-95e6-737e19b23bf1",
            "value": "6cb2ea71c5ec267b17031f6faf7104ce"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774012537",
            "to_ids": true,
            "type": "filename",
            "uuid": "423485d7-0ab4-485a-8083-8b5e1a08c697",
            "value": "630ac67d8db777ae0b93e066bd13b21908e79f23a41a64448f0a4ea38c063a44.js"
          }
        ]
      }
    ]
  }
}